This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.CISCO-SA-ISE-XSS-V2BM9JCY.NASLCisco Identity Services Engine Stored XSS Vulnerabilities (cisco-sa-ise-xss-V2bm9JCY)
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
14.7%
According to its self-reported version, Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities is affected by multiple vulnerabilities.
-
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device.
(CVE-2024-20443) -
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have Admin privileges on an affected device. (CVE-2024-20479)
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
#TRUSTED afa088f56fe918c7463dd7d5b2d8023ef1b72e4ac0685a8c57311140ac512a221f3028c96243034b85e4478f3f8795d5f4402e61195c66f415a9875eae3b15feaefacb22b9d913badb49a7f8e975ef4119bae79ac569139ea638cc5a25380be3275141a1cbfecfbacc12a76cb28f45e7e21e4ceb4894c683de666c0ab05d2d3bdfc40129dcf8f8e997d24f7b1c844a1e91ee085c96a40fbb2540fd80fb8d5dbd3c0873d777c2d8a35da81882b9fb28ef73186d1af1f9970a36c22b1f9306cf20bf57953c40313c39a86be09e23b2fb0f5ff9ef83aaa816680324ab26932a0b2f38311ce04c20dd120b47a749dc01ec4c80c8929fd3329c1c8c02f27aa51adc2159aba66a08c14c7b5cc2d9fba1a0c036f17a105e1e9d878431a50788125c9ff8850fbe04b83a3c902370465fcaf3ae044d05e6bf56e21b1bb39dac9d057029d740b8c61ce495bc375d5fd32cb61ae4eb3dea4ffde6c4b1330eb2cff18a57201f53d6a097c898274a3ec97c25f07825c2cffa07e15f218179b217660b52457349716032a05eec345090946220bb3fbae8c058f81cdcc104b7f93192eea063110e2dd66a8b8af973d5a5f8c94409830150d2d35f11d1d1feb05ce9ad41550efad1bddf380da6638d27b6cdcc11b037d79097aa4db678707be59466ee1ebca3b2a31d87121e601213641182428d7ab55a3fd0065c9ecb66e9018a69cfc1737b39e6
#TRUST-RSA-SHA256 4ec66534e0ea7dfe6f48fd9a1e3bd100d2cc147e8fe0c4a447d6b7e3ba7414e53606a7655cc44ae3457434b6f44062252dc0da2ca8845e6f49a3308db2e13d5ad3a286853a05ccc7c05d54da70bdd76c9b3a9748240f3e94cd2e2dbddda25305f7280eaf4b42ce0945373e69c107971bbf8165fb84d67f7f980ed46679aa850a95e5bf4a04a026c0dafc49d63923ffcab4d32ac066305e2b8446a6b3a9fce08bc76bc95d8cf528d454c4dedb8a217b38666b97621c70fd6a8f9539bec9db6d355feb8767694440d1c570338c7349209d7063e236d68015ab9a16b06aa00dc730634d7ae4388cb0a17924fd3ec615ec17033e2e89886073d2e90bfe04cb1e0608f76da8e6313fc3e168e8f8bd4a27846015674a46236c5d3efdba7da85b54f1b79225a8bc1c2ab3d7caba7fee258dc1699543e8be6575e85ddce9b735bb16ace74b69e73b1cf2683e18be4be9374f9512cb275d878cdaf70614a02a0a1a6716de6fa723eb7e79a5334635a60a1264c0408ef54e3392accb0cb252d9c2390c8df80041551791936ee42a7944778fd4b4cc5c30e256528dba168b2f569615dba050672eb99976e0b708b9b7ca218025834d8a3298ef9d153f7d991071c9094c0b779f875d04643c0884f02540241da36abcea4bf37a6b4d738ad1fa1124df7f9e406e9a7adc1d90efc235689d90b9a7aaf74e0dc610d1834f567ea1ddab6256ba84
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(205290);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/06");
script_cve_id("CVE-2024-20443", "CVE-2024-20479");
script_xref(name:"CISCO-BUG-ID", value:"CSCwj04195");
script_xref(name:"CISCO-BUG-ID", value:"CSCwj04197");
script_xref(name:"CISCO-SA", value:"cisco-sa-ise-xss-V2bm9JCY");
script_xref(name:"IAVA", value:"2024-A-0471-S");
script_name(english:"Cisco Identity Services Engine Stored XSS Vulnerabilities (cisco-sa-ise-xss-V2bm9JCY)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities is
affected by multiple vulnerabilities.
- A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote
attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to
insufficient validation of user-supplied input by the web-based management interface of an affected
system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of
the interface. A successful exploit could allow the attacker to execute arbitrary script code in the
context of the affected interface or access sensitive, browser-based information. To exploit this
vulnerability, the attacker must have at least a low-privileged account on an affected device.
(CVE-2024-20443)
- A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote
attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to
insufficient validation of user-supplied input by the web-based management interface of an affected
system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of
the interface. A successful exploit could allow the attacker to execute arbitrary script code in the
context of the affected interface or access sensitive, browser-based information. To exploit this
vulnerability, the attacker must have Admin privileges on an affected device. (CVE-2024-20479)
Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-V2bm9JCY
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5a1a0913");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwj04195");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwj04197");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwj04195, CSCwj04197");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-20443");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(79);
script_set_attribute(attribute:"vuln_publication_date", value:"2024/08/07");
script_set_attribute(attribute:"patch_publication_date", value:"2024/08/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/08/09");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:identity_services_engine_stored_cross-site_scripting_vulnerabilities");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
exit(0);
}
include('ccf.inc');
include('cisco_ise_func.inc');
var product_info = cisco::get_product_info(name:'Cisco Identity Services Engine Software');
var vuln_ranges = [
{'min_ver':'0.0', 'fix_ver':'3.1.0.518', required_patch:'9'},
{'min_ver':'3.2', 'fix_ver':'3.2.0.999', required_patch:'7'},
{'min_ver':'3.3', 'fix_ver':'3.3.0.430', required_patch:'3'},
];
var required_patch = get_required_patch(vuln_ranges:vuln_ranges, version:product_info['version']);
var reporting = make_array(
'port' , 0,
'severity' , SECURITY_WARNING,
'version' , product_info['version'],
'flags' , {'xss':TRUE},
'bug_id' , 'CSCwj04195, CSCwj04197',
'disable_caveat', TRUE
);
cisco::check_and_report(
product_info:product_info,
reporting:reporting,
vuln_ranges:vuln_ranges,
required_patch: required_patch
);
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
14.7%