Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(176111);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/22");
script_cve_id(
"CVE-2023-20024",
"CVE-2023-20156",
"CVE-2023-20157",
"CVE-2023-20158",
"CVE-2023-20159",
"CVE-2023-20160",
"CVE-2023-20161",
"CVE-2023-20162",
"CVE-2023-20189"
);
script_xref(name:"CISCO-BUG-ID", value:"CSCwe27386");
script_xref(name:"CISCO-BUG-ID", value:"CSCwe27393");
script_xref(name:"CISCO-BUG-ID", value:"CSCwe27394");
script_xref(name:"CISCO-BUG-ID", value:"CSCwe27403");
script_xref(name:"CISCO-BUG-ID", value:"CSCwe27424");
script_xref(name:"CISCO-BUG-ID", value:"CSCwe27425");
script_xref(name:"CISCO-BUG-ID", value:"CSCwe27441");
script_xref(name:"CISCO-BUG-ID", value:"CSCwe27444");
script_xref(name:"CISCO-BUG-ID", value:"CSCwe27445");
script_xref(name:"CISCO-BUG-ID", value:"CSCwe32312");
script_xref(name:"CISCO-BUG-ID", value:"CSCwe32313");
script_xref(name:"CISCO-BUG-ID", value:"CSCwe32315");
script_xref(name:"CISCO-BUG-ID", value:"CSCwe32318");
script_xref(name:"CISCO-BUG-ID", value:"CSCwe32321");
script_xref(name:"CISCO-BUG-ID", value:"CSCwe32323");
script_xref(name:"CISCO-BUG-ID", value:"CSCwe32326");
script_xref(name:"CISCO-BUG-ID", value:"CSCwe32334");
script_xref(name:"CISCO-BUG-ID", value:"CSCwe32338");
script_xref(name:"CISCO-SA", value:"cisco-sa-sg-web-multi-S9g4Nkgv");
script_xref(name:"IAVA", value:"2023-A-0262");
script_name(english:"Cisco Small Business Series Switches Buffer Overflow Vulnerabilities (cisco-sa-sg-web-multi-S9g4Nkgv)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow
an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root
privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to
the web interface.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?618cd4e4");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27386");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27393");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27394");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27403");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27424");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27425");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27441");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27444");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27445");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32312");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32313");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32315");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32318");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32321");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32323");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32326");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32334");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32338");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwe27386, CSCwe27393, CSCwe27394, CSCwe27403,
CSCwe27424, CSCwe27425, CSCwe27441, CSCwe27444, CSCwe27445, CSCwe32312, CSCwe32313, CSCwe32315, CSCwe32318, CSCwe32321,
CSCwe32323, CSCwe32326, CSCwe32334, CSCwe32338");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-20189");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/17");
script_set_attribute(attribute:"patch_publication_date", value:"2023/05/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/19");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:cisco:small_business_series_switch");
script_set_attribute(attribute:"cpe", value:"x-cpe:/h:cisco:small_business_series_switch");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_small_business_switch_detect.nbin");
script_require_keys("Cisco/Small_Business_Router/Version", "Cisco/Small_Business_Router/Model");
exit(0);
}
include('vcf.inc');
include('http.inc');
var port = get_http_port(default:443);
var app_info = vcf::get_app_info(app:'Cisco Small Business Series Switch', port:port, webapp:TRUE);
# 250 Series Smart Switches
# 350 Series Managed Switches
# 350X Series Stackable Managed Switches
# 550X Series Stackable Managed Switches
if (app_info['model'] !~ "^CBS(2|3)50")
audit(AUDIT_HOST_NOT, 'an affected Cisco Small Business Series switch');
var constraints = [ {'min_version':'0.0', 'fixed_version' : '3.3.0.16'} ];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | small_business_series_switch | x-cpe:/o:cisco:small_business_series_switch | |
cisco | small_business_series_switch | x-cpe:/h:cisco:small_business_series_switch |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20024
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20156
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20157
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20158
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20159
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20160
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20161
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20162
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20189
www.nessus.org/u?618cd4e4
bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27386
bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27393
bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27394
bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27403
bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27424
bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27425
bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27441
bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27444
bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27445
bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32312
bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32313
bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32315
bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32318
bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32321
bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32323
bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32326
bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32334
bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32338