Cisco Identity Services Engine Privilege Escalation Vulnerabilities (cisco-sa-ise-os-injection-pxhKsDM)

2023-02-0200:00:00

www.tenable.com

cisco

identity services engine

privilege escalation

vulnerabilities

command injection

administrator

authentication

local attacker

input validation

security patch

cve-2023-20021

cve-2023-20022

cve-2023-20023

cscwd07340

cscwd07341

cscwd07344

0.0004 Low

EPSS

Percentile

5.2%

JSON

According to its self-reported version, Cisco Identity Services Engine is affected by multiple privilege escalation vulnerabilities that allow an authenticated, local attacker with Administrator privileges to inject commands due to insufficient input validation.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(170964);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/20");

  script_cve_id("CVE-2023-20021", "CVE-2023-20022", "CVE-2023-20023");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwd07340");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwd07341");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwd07344");
  script_xref(name:"CISCO-SA", value:"cisco-sa-ise-os-injection-pxhKsDM");
  script_xref(name:"IAVA", value:"2023-A-0065-S");

  script_name(english:"Cisco Identity Services Engine Privilege Escalation Vulnerabilities (cisco-sa-ise-os-injection-pxhKsDM)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco Identity Services Engine is affected by multiple privilege escalation
vulnerabilities that allow an authenticated, local attacker with Administrator privileges to inject commands due to
insufficient input validation.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-os-injection-pxhKsDM
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bdb1908c");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd07340");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd07341");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd07344");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwd07340, CSCwd07341, CSCwd07344");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-20023");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/02/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/02/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/02/02");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:identity_services_engine");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:identity_services_engine");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:identity_services_engine_software");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ise_detect.nbin");
  script_require_keys("Host/Cisco/ISE/version");

  exit(0);
}

include('ccf.inc');
include('cisco_ise_func.inc');

var product_info = cisco::get_product_info(name:'Cisco Identity Services Engine Software');

var vuln_ranges = [
  {'min_ver':'3.2', 'fix_ver':'3.2.0.542'}
];

var reporting = make_array(
  'port'          , 0,
  'severity'      , SECURITY_WARNING,
  'version'       , product_info['version'],
  'bug_id'        , 'CSCwd07340, CSCwd07341, CSCwd07344',
  'disable_caveat', TRUE,
  'fix'           , 'See vendor advisory'
);

cisco::check_and_report(
  product_info:product_info,
  reporting:reporting,
  vuln_ranges:vuln_ranges,
  required_patch:'2'
);

VendorProductVersionCPE
ciscoidentity_services_enginecpe:/h:cisco:identity_services_engine
ciscoidentity_services_enginecpe:/a:cisco:identity_services_engine
ciscoidentity_services_engine_softwarecpe:/a:cisco:identity_services_engine_software

Vendor	Product	CPE
cisco	identity_services_engine	cpe:/h:cisco:identity_services_engine
cisco	identity_services_engine	cpe:/a:cisco:identity_services_engine
cisco	identity_services_engine_software	cpe:/a:cisco:identity_services_engine_software