Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities (cisco-sa-mlt-ise-strd-xss-nqFhTtx7)

2020-07-07T00:00:00
ID CISCO-SA-MLT-ISE-STRD-XSS-NQFHTTX7.NASL
Type nessus
Reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-07-07T00:00:00

Description

According to its self-reported version, Cisco Identity Services Engine Software is affected by multiple vulnerabilities in the web-based management interface. An authenticated, remote attacker with administrative credentials exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

                                        
                                            #TRUSTED 1f4e69acffefa410ba5d81da6efab72f8f3fb9ff05cfc6f654e42afa99e8d41832a781a20b8f29f1c5f51b85d35603732d9552002432a2a8cd36348959b25f89916f32900ce64b39cebc8589dd54445f49e031c276b71ce28494863aa9408afdb19e344c6f02c6ef8758eeb498a39a48eabea1e62872a94dbbee3237a242900d4d70dd0dda710fc39c8ce67309d1d03457faedaef2a320eff4959a439adb9ca0e9112cfbc1199685a212068af09e1bcc7630b2ce8d77a10c304be5ca1d3529ceac183e7d53f38ca7ac1846c2fa0e3c85d26993a763a61c8b9cfceb71f867f3a517d49066f94bf1afe6cbda0b59cc82442a0ec29f5acb91ecc8a7e5f7b9bb06b3a76e97a55dc22198081a9d9d0f62db74d6abc4c4d80fd8cd52f5adca0ce86ca2e2a02f122528c3a36ceea4acef129f4a758ba2db8ceb0566ba860f8bf60edd3d41953dc6c06a87869227c6e686b806f05ca137f347c6771b6b29c9f2419314fd5e65858fa11c9d39b7d5dba9044ad49e23d4da4aaa236149393e9972227fa1a225086e03c12ec0af14c5ba07374ef67f2eabfaa3b7d1bd4f557e04357456828370a962dc63842b3b93be1de7cbfc01a9ee64e4b88486ec36dc6ace997b97fd66169f9fcb9f328ceec3c118f7bac7c32d47dcd1b17c54ca32fa0d82f918a3f09f660b5b12588ef66ae9856849a9f647f9e3ef7abb7fc0c5c6d442e804185d33da
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(138152);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/08/10");

  script_cve_id("CVE-2020-3340");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvs96516");
  script_xref(name:"CISCO-SA", value:"cisco-sa-mlt-ise-strd-xss-nqFhTtx7");
  script_xref(name:"IAVA", value:"2020-A-0058");

  script_name(english:"Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities (cisco-sa-mlt-ise-strd-xss-nqFhTtx7)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco Identity Services Engine Software is affected by multiple vulnerabilities
in the web-based management interface.  An authenticated, remote attacker with administrative credentials exploit these
vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the
attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based
information.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlt-ise-strd-xss-nqFhTtx7
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?01e187b5");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvs96516");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvs96516");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-3340");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(79);

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/07/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:identity_services_engine");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ise_detect.nbin");
  script_require_keys("Host/Cisco/ISE/version");

  exit(0);
}

include('cisco_workarounds.inc');
include('ccf.inc');

product_info = cisco::get_product_info(name:'Cisco Identity Services Engine Software');

vuln_ranges = [
  { 'min_ver' : '1' , 'fix_ver' : '2.6.0.156' }
];

required_patch = '7';

reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_NOTE,
  'version'  , product_info['version'],
  'bug_id'   , 'CSCvs96516',
  'fix'      , 'See advisory',
  'xss'      , TRUE
);

cisco::check_and_report(
  product_info:product_info,
  reporting:reporting,
  vuln_ranges:vuln_ranges,
  required_patch:required_patch
);