Cisco Prime Infrastructure Multiple Vulnerabilities (cisco-sa-pi-epnm-eRPWAXLe)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(173976);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/24");

  script_cve_id(
    "CVE-2023-20127",
    "CVE-2023-20129",
    "CVE-2023-20130",
    "CVE-2023-20131"
  );
  script_xref(name:"CISCO-BUG-ID", value:"CSCwc25461");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwc51948");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwc76734");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwd28312");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwd69561");
  script_xref(name:"CISCO-SA", value:"cisco-sa-pi-epnm-eRPWAXLe");
  script_xref(name:"IAVA", value:"2023-A-0219-S");

  script_name(english:"Cisco Prime Infrastructure Multiple Vulnerabilities (cisco-sa-pi-epnm-eRPWAXLe)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The version of Cisco Prime Infrastructure installed on the remote host is prior to 3.7.1, 3.8.1, 3.9.1 or 3.10.2.
It is, therefore, affected by multiple vulnerabilities as referenced in the cisco-sa-pi-epnm-eRPWAXLe advisory:

  - An information disclosure vulnerability in the web-based management interface of Cisco Prime
    Infrastructure due to insufficient protection of sensitive data. An authenticated remote attacker can
    exploit this vulnerability by accessing the interface as a low-privileged user and taking certain
    actions within the configuration pages of the network devices. A successful exploit allows the attacker
    to access sensitive information about the network devices stored on the affected device. (CVE-2023-20127)

  - A cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco Prime
    Infrastructure due insufficient validation user-supplied input. An authenticated, remote attacker
    can exploit this vulnerability to inject malicious code into specific pages of the interface allowing the
    attacker to execute arbitrary code in the context of the affected device or access sensitive, browser-
    based information. (CVE-2023-20131)

  - An arbitrary file read vulnerability in the web-based management interface of Cisco Prime Infrastructure
    due to insufficient validation of user input. A remote, authenticated attacker can exploit this
    vulnerability to access sensitive files in the underlying operating system of the affected device.
    (CVE-2023-2023-20129)

  - A cross-site request forgery (CSRF) vulnerability in the web-based management interface of Cisco Prime
    Infrastructure due to insufficient CSRF protections. An attacker could exploit this vulnerability by
    persuading a user of the interface to the follow a specially crafted link resulting in the attacker being
    able to perform arbitrary actions on the affected system with the privileges of the target user.
    (CVE-2023-20130)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?838ad81a");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc25461");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc51948");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc76734");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd28312");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd69561");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwc25461, CSCwc51948, CSCwc76734, CSCwd28312,
CSCwd69561");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-20130");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/04/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/04/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/06");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:prime_infrastructure");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_prime_infrastructure_detect.nbin");
  script_require_keys("installed_sw/Prime Infrastructure");
  script_require_ports("Services/www", 443);

  exit(0);
}

include('vcf.inc');

var app_info = vcf::combined_get_app_info(app:'Prime Infrastructure');

vcf::check_granularity(app_info:app_info, sig_segments:3);
var constraints = [
  {'fixed_version': '3.7.1'},
  {'min_version': '3.8', 'fixed_version': '3.8.1'},
  {'min_version': '3.9', 'fixed_version': '3.9.1'},
  {'min_version': '3.10', 'fixed_version': '3.10.2'}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, flags:{'xsrf':TRUE, 'xss':TRUE});