CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
35.6%
The version of Cisco Prime Infrastructure installed on the remote host is prior to 3.10.4. It is, therefore, affected by multiple vulnerabilities:
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to improper processing of serialized Java objects by the affected application. (CVE-2023-20258)
A vulnerability in the web-based management interface of Cisco EPNM and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. (CVE-2023-20271)
A vulnerability in the application CLI of Cisco EPNM and Cisco Prime Infrastructure could allow an authenticated, local attacker to gain elevated privileges. This vulnerability is due to improper processing of command line arguments to application scripts. (CVE-2023-20260)
-A vulnerability in the web-based management interface of Cisco EPNM and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct XSS attacks. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. (CVE-2023-20257)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(188003);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/25");
script_cve_id(
"CVE-2023-20257",
"CVE-2023-20258",
"CVE-2023-20260",
"CVE-2023-20271"
);
script_xref(name:"CISCO-BUG-ID", value:"CSCwf81859");
script_xref(name:"CISCO-BUG-ID", value:"CSCwf81862");
script_xref(name:"CISCO-BUG-ID", value:"CSCwf81865");
script_xref(name:"CISCO-BUG-ID", value:"CSCwf81870");
script_xref(name:"CISCO-BUG-ID", value:"CSCwf83557");
script_xref(name:"CISCO-BUG-ID", value:"CSCwf83560");
script_xref(name:"CISCO-BUG-ID", value:"CSCwf83565");
script_xref(name:"CISCO-SA", value:"cisco-sa-pi-epnm-wkZJeyeq");
script_xref(name:"IAVA", value:"2024-A-0022");
script_name(english:"Cisco Prime Infrastructure Multiple Vulnerabilities (cisco-sa-pi-epnm-wkZJeyeq)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"The version of Cisco Prime Infrastructure installed on the remote host is prior to 3.10.4. It is, therefore, affected
by multiple vulnerabilities:
- A vulnerability in the web-based management interface of Cisco Prime Infrastructure
could allow an authenticated, remote attacker to execute arbitrary commands on the
underlying operating system. This vulnerability is due to improper processing of
serialized Java objects by the affected application. (CVE-2023-20258)
- A vulnerability in the web-based management interface of Cisco EPNM and Cisco Prime
Infrastructure could allow an authenticated, remote attacker to conduct SQL injection
attacks on an affected system. This vulnerability is due to improper validation of
user-submitted parameters. (CVE-2023-20271)
- A vulnerability in the application CLI of Cisco EPNM and Cisco Prime Infrastructure
could allow an authenticated, local attacker to gain elevated privileges. This
vulnerability is due to improper processing of command line arguments to application
scripts. (CVE-2023-20260)
-A vulnerability in the web-based management interface of Cisco EPNM and Cisco Prime
Infrastructure could allow an authenticated, remote attacker to conduct XSS attacks.
This vulnerability is due to improper validation of user-supplied input to the
web-based management interface. (CVE-2023-20257)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?53497b93");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf15468");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf81859");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf81862");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf81865");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf81870");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf83557");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf83560");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf83565");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in the vendor advisory");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-20258");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/01/10");
script_set_attribute(attribute:"patch_publication_date", value:"2024/01/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/12");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:prime_infrastructure");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_prime_infrastructure_detect.nbin");
script_require_keys("installed_sw/Prime Infrastructure");
script_require_ports("Services/www", 443);
exit(0);
}
include('vcf.inc');
var app_info = vcf::combined_get_app_info(app:'Prime Infrastructure');
vcf::check_granularity(app_info:app_info, sig_segments:3);
var constraints = [
{'fixed_version': '3.10.4.2', 'fixed_display': "3.10.4 Update 2"}
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20257
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20258
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20260
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20271
www.nessus.org/u?53497b93
bst.cloudapps.cisco.com/bugsearch/bug/CSCwf15468
bst.cloudapps.cisco.com/bugsearch/bug/CSCwf81859
bst.cloudapps.cisco.com/bugsearch/bug/CSCwf81862
bst.cloudapps.cisco.com/bugsearch/bug/CSCwf81865
bst.cloudapps.cisco.com/bugsearch/bug/CSCwf81870
bst.cloudapps.cisco.com/bugsearch/bug/CSCwf83557
bst.cloudapps.cisco.com/bugsearch/bug/CSCwf83560
bst.cloudapps.cisco.com/bugsearch/bug/CSCwf83565
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
35.6%