CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
According to its self-reported version, Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabilities is affected by a Blind SQL Injection (SQLi) vulnerability.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
#TRUSTED 850808637078063f4af9e872c0fe522bcd54310202e77b9d6c2683481155cfdbb0fd7988c8c0044f2cbd7bbda7048d69081a0aab30597a83256fda78b6b1ff193d9b5e932d45b9ca1e0ac178b4bd59e02a57c31259e5d0649b8388e33dd586c4e655aa2110c48ae41067c991a65b2897690523d24f34a3a0d37f5810a76d84bf80edd17b28301230babcd3f4e76bfa389153bf663ad1038d1ef98f0aa5e0063940bd94ee226fbc96e5a0780b4f693768f52f68a33501047fe87a1b7f53fe00cf7931dac607895c39bf2e546f5527635ca8c926b60d48467a191dfcaa25a613a354a70c7fcf9faacc205ccc81a02ded58add7fc46d698e54c1e4cfb784bfe91327e893c4a55e69d17860ea5be754e678ae2e5574616e6c0b066758f082d09807c6d54f6f43fc2b3b9d2cf371e578124336e3a38e8f3105cadeedc10e67356baf8a1cdb25fe47f1450363022c73c900b6528e3507bd740734664d4fad2cb89f663c3a36957c5ae71f4a01682082c45e6f4169c1cf842c622eed906b588ed11de589650006b4ac39d9e3f579a068d6dcbff8d6ac5074358c1ed15d625531e7f09efd65cf560f153408ecedbe2c1a56121d80426d89fd616761f0ae8bfe577eabb15683aa57fd9d6c9c3c9c56ec3a124917fdf53b1f3208f6a6387a3075bf2038a87e17fa914bc8ca419463bde0969987ee2558b93e2657590d62ebf4cc07d39c40b
#TRUST-RSA-SHA256 0972d9cea5cb685482c2fac5d99f38c89b3075753b292e38e79170168ee51249e7cea18e93c9ba9802ce1dc536e0df2c910a774e736a44d8187b8290e6e2a9b77a07cce75ea3725025107f3f37d24072f75acf5832526b52b4f6ebb01a7fd39374b1d778ae71deca39a8b7b0de82618e8a4aac64045cfdb2a968799f7438b78667a03cc3a2bc6a455e2e2f1107cc097dccbb37d41eb9a197196332eaa6ceb87c873fa1ffc9498cf3d65dc41c32cb384c147c5a9edf630b51eb0552ed3843617583edad2b99f91445dbbafb438f6009f63efcee4f31f30e2605fce36ca410692eeffa07fb41d346032771bfce3e403d465efa40e48ab80175be63e743fbb329c40b8ee5df4fa0e075b098499bd6485d3935bfdaf5ad39f5fd2b441599bdb77961aa1b6a4180cf2f2bd838dda1bd56f6055b387b6612ced2825dcb12b3e9392503be6030245f82b3f4dd4f1adda3e032b857e3f74a7487e43e871543161d14b9ff3dc329224b3d77949638b818797214bd078877eef89385e918ee5412a2076e849c54de81b51bdf18224b17b30a6ab13b13ca48c738b0c02d09fc0393a57389bfae31788a87dcd2be6787549fa606048e4dcff02b382b24bde315f6a788edd04d35d2d774ca350ede5292e5c1847a8e8429a58e4e9d57b414b77d62f88bf5d6de1f62d4e6960f77170e53eaa68618f454e703eabd7ec31eecef714f8a81f49e83
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(206882);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/17");
script_cve_id("CVE-2024-20417");
script_xref(name:"CISCO-BUG-ID", value:"CSCwj94294");
script_xref(name:"CISCO-BUG-ID", value:"CSCwj94297");
script_xref(name:"CISCO-BUG-ID", value:"CSCwj94305");
script_xref(name:"CISCO-BUG-ID", value:"CSCwj94315");
script_xref(name:"CISCO-SA", value:"cisco-sa-ise-rest-5bPKrNtZ");
script_xref(name:"IAVA", value:"2024-A-0414-S");
script_name(english:"Cisco Identity Services Engine REST API Blind SQLi (cisco-sa-ise-rest-5bPKrNtZ)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabilities is
affected by a Blind SQL Injection (SQLi) vulnerability.
- Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an
authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to
insufficient validation of user-supplied input in REST API calls. An attacker could exploit these
vulnerabilities by sending crafted input to an affected device. A successful exploit could allow the
attacker to view or modify data on the affected device. (CVE-2024-20417)
Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rest-5bPKrNtZ
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7be112f7");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwj94294");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwj94297");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwj94305");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwj94315");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwj94294, CSCwj94297, CSCwj94305, CSCwj94315");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-20417");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(89);
script_set_attribute(attribute:"vuln_publication_date", value:"2024/08/21");
script_set_attribute(attribute:"patch_publication_date", value:"2024/08/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/09/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:identity_services_engine");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:identity_services_engine");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:identity_services_engine_software");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ise_detect.nbin");
script_require_keys("Host/Cisco/ISE/version");
exit(0);
}
include('ccf.inc');
include('cisco_ise_func.inc');
var product_info = cisco::get_product_info(name:'Cisco Identity Services Engine Software');
var vuln_ranges = [
{'min_ver':'0.0', 'fix_ver':'3.1.0.518', required_patch:'10'},
{'min_ver':'3.2', 'fix_ver':'3.2.0.542', required_patch:'7'}, # At the time of plugin release 3.2 Patch 7 is slated for release September 2024
{'min_ver':'3.3', 'fix_ver':'3.3.0.430', required_patch:'4'}, # At the time of plugin release 3.3 Patch 4 is slated for release October 2024
];
var required_patch = get_required_patch(vuln_ranges:vuln_ranges, version:product_info['version']);
var reporting = make_array(
'port' , 0,
'severity' , SECURITY_HOLE,
'version' , product_info['version'],
'flags' , {'sqli':TRUE},
'bug_id' , 'CSCwj94294, CSCwj94297, CSCwj94305, CSCwj94315',
'disable_caveat', TRUE
);
cisco::check_and_report(
product_info:product_info,
reporting:reporting,
vuln_ranges:vuln_ranges,
required_patch: required_patch
);