CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
5.1%
According to its self-reported version number, the instance of Cisco Viptela hosted on the remote server is prior to 19.2.2. It is, therefore, affected by multiple vulnerabilities:
A privilege escalation vulnerability exists in Cisco SD-WAN Solutions due to insufficient input validation.
An authenticated, local attacker can exploit this, by sending a crafted request to an affected system, to gain root access to the system. (CVE-2020-3265)
A buffer overflow condition exists in Cisco SD-WAN Solutions due to insufficient input validation. An authenticated, local attacker can exploit this, by sending crafted traffic to an affected device, to gain access to information that they are not authorized to access and make changes to the system that they are not authorized to make. (CVE-2020-3264)
#TRUSTED 42ce9808892ca27acb9293a73549444f9d1e480478a53a8aad1c086b50acc98611652837462b3eb3fc0a838c6bff7bc729d8a162ef089589d75c02766e077d080969f1894f7fb1bd00c9d70a6ce41f83234bbdad0958cd1e04318a983bf9515afc8e554901182dd7a3f25c39598d4e208d89032f3d3f5179462c5c7d20615159c565fdfb863c7f809f8a100bf03a8f3900722c3c911e8e866b989227d3e7c74dbcbf659d096252fd46da93366aa71a3791774df83506e6db37053d56449bb3010fc76624eb1f4398feadb1cea80fb3d3723d51d2fe5be82b6eb00b261667edd733b632118d6b76c49050bc6d86cb851ad65a1f649f7cc3927956050c31cdbd5670d0b6600d85381218fbb09ba1b9c4d201a6e0d5559077aa9f1f83ef59fcd5cb904fecc9f2d62de4753d325121e1c65fd524252001e2e3196baa2d6196adeb935b9a0822ae847131c6d6f2c84b0f94df5b575be446fd233e11764054e4b2534517ecb5c6dbe867a68e1ded079bbed1bd6263193da4b835adc909cf756ef145cd40d47eb62e85c5a709f9709097b434425badcc86b10c581eb8e7ee2cd3c4dcc56452065e086911932e72cd0be37a41ee429471cd14b763a60509459a1380ab7b865450e3d4c1c6cd14f423e66a0a0372c46677b851dac2eee8d64fd5b0df599a33cfe9a48119e574ab49801221be4f9d8ab8095178a07616243e99821e9e48be
#TRUST-RSA-SHA256 5642e53733a0035d76b8bebd640acc53b4d0645b98556afc810fbfa791ce70922c57079fc507eaac117c77f8d48b2e61944fbe0627728da4dd4b8e02582077e72f02e3c474c54291f1e4e6a9637e840376cf083a79b4f9318ef48ecceff85f1ffe7570caa11cf6f171fc421514394b685636158de3ab96cda45840835dbf9ceca74c1f93e5352f638bf7a7042d12ed54f82efa1bb52f55f70c4b11f5b4e73695a4f45bd385351b0389bdfea92e738ef675ea7970d8ea49986f9555ed9a2c9d721e5928494df3107891927432a0caa347c2c61561554ee375b135bf9a5fcf8007868d69a1e969b71e360495b4be341ab72716c1ddd9787a4f3059f86aa65baeff4ce5cd7bcdafe2b624e9613e87956e16f5b83feaf1277a6e2707290aa89b514ea92cdce229ea9e617f2b0ac875915080f2093cdc18c75d93f11d80b62659d10942e5d3a1c64676bc9d8b66ff942b3a26a54e5ba2f1e9f4c29685ead7b45ca485f9a02ec2939b58374b692659c87a21573c36c560bb409bc9c2d988d300b48b850533897ed90b66b888233db9577b7acd219b2b2eb213afb451eb609a9511738de7de4a02de7932de410fdf4e36b01d9e306b80aa1fe272474b8b1f0970109121c0319ee15b917a45c23f2cb9d291c83b3280c86568f0930913fdb22ad7766979658115e9e67202ca9716e86019cbc893a4299e7e20e980690d157179c490984e
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(141438);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/15");
script_cve_id("CVE-2020-3264", "CVE-2020-3265");
script_xref(name:"CISCO-BUG-ID", value:"CSCvs50619");
script_xref(name:"CISCO-BUG-ID", value:"CSCvs47117");
script_xref(name:"CISCO-SA", value:"cisco-sa-sdwpresc-ySJGvE9");
script_xref(name:"CISCO-SA", value:"cisco-sa-sdwanbo-QKcABnS2");
script_name(english:"Cisco SD-WAN Solutions < 19.2.2 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the instance of Cisco Viptela hosted on the remote server is prior
to 19.2.2. It is, therefore, affected by multiple vulnerabilities:
- A privilege escalation vulnerability exists in Cisco SD-WAN Solutions due to insufficient input validation.
An authenticated, local attacker can exploit this, by sending a crafted request to an affected system, to
gain root access to the system. (CVE-2020-3265)
- A buffer overflow condition exists in Cisco SD-WAN Solutions due to insufficient input validation. An
authenticated, local attacker can exploit this, by sending crafted traffic to an affected device, to
gain access to information that they are not authorized to access and make changes to the system that
they are not authorized to make. (CVE-2020-3264)");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwpresc-ySJGvE9
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?57b99f17");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanbo-QKcABnS2
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d49d1bd3");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvs50619 or CSCvs47117");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-3265");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(264);
script_set_attribute(attribute:"vuln_publication_date", value:"2020/03/18");
script_set_attribute(attribute:"patch_publication_date", value:"2020/03/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:sd-wan_solution");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_vedge_detect.nbin");
script_require_keys("Cisco/Viptela/Version");
exit(0);
}
include('ccf.inc');
product_info = cisco::get_product_info(name:'Cisco Viptela');
vuln_ranges = [
{'min_ver' : '0.0', 'fix_ver' : '19.2.2'}
];
reporting = make_array(
'port' , product_info['port'],
'severity' , SECURITY_HOLE,
'version' , product_info['version'],
'bug_id' , 'CSCvs50619, CSCvs47117',
'disable_caveat', TRUE
);
cisco::check_and_report(product_info:product_info, reporting:reporting, vuln_ranges:vuln_ranges);
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
5.1%