Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.CISCO-SA-VMANAGE-ESCALATION-JHQS5SKF.NASL
HistoryNov 06, 2020 - 12:00 a.m.

Cisco SD-WAN vManage Software Privilege Escalation (cisco-sa-vmanage-escalation-Jhqs5Skf)

2020-11-0600:00:00
This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
cisco
sd-wan
vmanage
privilege escalation
security patch
cve-2020-26074
JSON

According to its self-reported version, Cisco SD-WAN vManage is affected by a privilege escalation vulnerability due to improper validation of path input to the system file transfer functions. An authenticated, local attacker can exploit this to overwrite arbitrary files, allowing the attacker to modify the system in such a way that could allow the attacker to gain escalated privileges.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

#TRUSTED 12663df9d4990f6cb21a86c8208935f7e8d7c5d2f64df47ffae635c498f7dd9ebee92dc848c145b12a85977d3cdbc55e024b526040fe0bcc93fd869769aa3ba0b21cf9bc4321f9619ccc81b76cd71bcbdd70f6c6da488ec564ac681e7ddb1d17df4460363447eee66dc26854432508bb0e799f84f47c8458ae146696deb5952c1f77b6dd636c9da0fc5551f999dbb1d6bacf948c3f06fdc0977e371d29d2666b955080042185246793a0b6a27f42d21026276762df0c98ff4628918a99995edf5d907821d61c5d7099d1ef78fc78db0c8f1dc620cb46d8ed4442481fd3be9957f80ebe8cbc8d722ad1cc30bb2f42ceae60d438707f19b69dab88d4a7d43b305425be6be51cb9b1d5d9e8b95ce96610ecde9f75f6fbaad4fae54f8ff5893c613252153821169f25c45f14ce8faada937cdbe2413754880f907a0be9ad555b48bfb513e85228861c188db69c1f597741339a8f6ad4752efac1abcb2ebb86d7e08da25d091f9c7db9ca54b26b58ecf192e2ab0087704ff233ed45682aa6dcb8620ff077125a840f27e915b61130565df8db76f635cbb8e754d883cac5ac4a7a6280f909ed36c878a548a9e308cb1d2f04b2d8785537bb3a01e47cc03a2f8524c46bb83aca88588bc341f78f47da03bfbe1d384a9356b30a006485089789a5541d7605f0b085b1d67d0ee1a00c834ba6e5ff8f45634df386786aedd62dee19ece065
##
# (C) Tenable Network Security, Inc.
##

include('compat.inc');

if (description)
{
  script_id(142494);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/11/09");

  script_cve_id("CVE-2020-26074");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvv21757");
  script_xref(name:"CISCO-SA", value:"cisco-sa-vmanage-escalation-Jhqs5Skf");
  script_xref(name:"IAVA", value:"2020-A-0509");

  script_name(english:"Cisco SD-WAN vManage Software Privilege Escalation (cisco-sa-vmanage-escalation-Jhqs5Skf)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco SD-WAN vManage is affected by a privilege escalation vulnerability due to
improper validation of path input to the system file transfer functions. An authenticated, local attacker can exploit
this to overwrite arbitrary files, allowing the attacker to modify the system in such a way that could allow the
attacker to gain escalated privileges.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-escalation-Jhqs5Skf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d229604a");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv21757");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvv21757");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-26074");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(250);

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/11/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/11/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/11/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:sd-wan_vmanage");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_vedge_detect.nbin");
  script_require_keys("Cisco/Viptela/Version");

  exit(0);
}

include('ccf.inc');

product_info = cisco::get_product_info(name:'Cisco Viptela');

if ('vmanage' >!< tolower(product_info['model']))
  audit(AUDIT_HOST_NOT, 'an affected model');

vuln_ranges = [
  { 'min_ver':'0.0',  'fix_ver':'20.1.2' },
  { 'min_ver':'20.3', 'fix_ver':'20.3.2' }
];

reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_WARNING,
  'version'  , product_info['version'],
  'bug_id'   , 'CSCvv21757',
  'disable_caveat', TRUE
);

cisco::check_and_report(
  product_info:product_info,
  reporting:reporting,
  vuln_ranges:vuln_ranges
);

Related

cve 1
cisco 1
threatpost 1
cve
cve
CVE-2020-26074
2022-02-25 11:32:23
cisco
cisco
Cisco SD-WAN vManage Software Privilege Escalation Vulnerability
2020-11-04 16:00:00
threatpost
threatpost
Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched
2020-11-05 15:16:26
JSON
Related for CISCO-SA-VMANAGE-ESCALATION-JHQS5SKF.NASL
cve1cisco1threatpost1