ID CISCO-SA-VMANDOWNDIR-CVGVDKM3.NASL Type nessus Reporter This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2021-03-16T00:00:00
Description
The version of Cisco SD-WAN vManage Software installed on the remote host is affected by a vulnerability as referenced in the cisco-sa-vmandowndir-CVGvdKM3 advisory.
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to the affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system. (CVE-2020-3401)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
#TRUSTED 1b7e437595ba0093f05f9a7cfccd2e8b12cf1557c1f52dd2b128068ed80abfd648e04885a85f37e6405b8801180135cc9d1b4589ba97a0c84655d11d0b3586f8e2c6ac72a002ef01e6a2c5202641a453bb35bd9409184a5b9e99e26fe3b292e7fd41ab3e97d9d76e7d6b6eb3d2e5d647b549512de625beb8f35bf9fd83de3c6d045fe89762f3d4d8577b89eba7cca8f7fe93301bc9993290253da114f729f43b20b11be9bb01768be49ae2311edfdf20216ece289f1702e238bf5c2fe590ee17d2cd91d268be34bcb40a97c6029a3202fb0ad0f0e0b3e200100c57dab233c394aa1e48cba747b406ab7687d57b089be9ef246aa76cf7a096bac22a98985d3d03ac198f9c65ab978a1c3aef1e9669e347bef9b008dcf2ad1c03503f579b5d831a460267ff37159950818b3d1106aee10d973bb8b6ecfc2c96a60a3f5e024d3556e55c7471092e4da618b1f610e9cff8f8b1b6d9881ce9275b5c70af45c617d94730e03a6313a353d5900fda3b1c000daff1756b4dfc0a4fa12ed4470df35d2996370e4a45c02baadd72da7d9f7715ba0c6d2887df6ebb1acdc94902e6f3936e0ba4001402e4c424e2c48d696e59a7daa8e22f6b4cc2ac637ec263dfbdf7dc1bed0c44dd5d8b61119903422a680dcfbdb07010cd0389c3f3c415d8702cf5626fd8c8e70118bcf1280c8dd187c46d945813ff138f876ebe159ae5ba86d2fee5fc88
##
# (C) Tenable Network Security, Inc.
##
include('compat.inc');
if (description)
{
script_id(147760);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/03/16");
script_cve_id("CVE-2020-3401");
script_xref(name:"CISCO-BUG-ID", value:"CSCvt74757");
script_xref(name:"CISCO-SA", value:"cisco-sa-vmandowndir-CVGvdKM3");
script_name(english:"Cisco SD-WAN vManage Software Path Traversal (cisco-sa-vmandowndir-CVGvdKM3)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"The version of Cisco SD-WAN vManage Software installed on the remote host is affected by a vulnerability as referenced
in the cisco-sa-vmandowndir-CVGvdKM3 advisory.
- A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an
authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files
on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker
could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal
character sequences to the affected system. A successful exploit could allow the attacker to view
arbitrary files on the affected system. (CVE-2020-3401)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmandowndir-CVGvdKM3
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a0db624c");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt74757");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvt74757");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-3401");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(22);
script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/16");
script_set_attribute(attribute:"patch_publication_date", value:"2020/07/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/03/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:sd-wan_vmanage");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_vedge_detect.nbin");
script_require_keys("Cisco/Viptela/Version");
exit(0);
}
include('ccf.inc');
product_info = cisco::get_product_info(name:'Cisco Viptela');
if ('vmanage' >!< tolower(product_info['model']))
audit(AUDIT_HOST_NOT, 'an affected model');
vuln_ranges = [
{'min_ver': '0.0','fix_ver': '19.2.3.0'}
];
reporting = make_array(
'port' , 0,
'severity' , SECURITY_WARNING,
'bug_id' , 'CSCvt74757',
'version' , product_info['version'],
'disable_caveat', TRUE
);
cisco::check_and_report(
product_info:product_info,
vuln_ranges:vuln_ranges,
reporting:reporting
);
{"id": "CISCO-SA-VMANDOWNDIR-CVGVDKM3.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "Cisco SD-WAN vManage Software Path Traversal (cisco-sa-vmandowndir-CVGvdKM3)", "description": "The version of Cisco SD-WAN vManage Software installed on the remote host is affected by a vulnerability as referenced in the cisco-sa-vmandowndir-CVGvdKM3 advisory.\n\n - A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to the affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system. (CVE-2020-3401)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-03-15T00:00:00", "modified": "2021-03-16T00:00:00", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/147760", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt74757", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3401", "http://www.nessus.org/u?a0db624c"], "cvelist": ["CVE-2020-3401"], "immutableFields": [], "lastseen": "2021-08-19T12:04:35", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cisco", "idList": ["CISCO-SA-VMANDOWNDIR-CVGVDKM3"]}, {"type": "cve", "idList": ["CVE-2020-3401"]}], "rev": 4}, "score": {"value": 6.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cisco", "idList": ["CISCO-SA-VMANDOWNDIR-CVGVDKM3"]}, {"type": "cve", "idList": ["CVE-2020-3401"]}, {"type": "nessus", "idList": ["CISCO_VEDGE_DETECT.NBIN"]}]}, "exploitation": null, "vulnersScore": 6.2}, "pluginID": "147760", "sourceData": "#TRUSTED 1b7e437595ba0093f05f9a7cfccd2e8b12cf1557c1f52dd2b128068ed80abfd648e04885a85f37e6405b8801180135cc9d1b4589ba97a0c84655d11d0b3586f8e2c6ac72a002ef01e6a2c5202641a453bb35bd9409184a5b9e99e26fe3b292e7fd41ab3e97d9d76e7d6b6eb3d2e5d647b549512de625beb8f35bf9fd83de3c6d045fe89762f3d4d8577b89eba7cca8f7fe93301bc9993290253da114f729f43b20b11be9bb01768be49ae2311edfdf20216ece289f1702e238bf5c2fe590ee17d2cd91d268be34bcb40a97c6029a3202fb0ad0f0e0b3e200100c57dab233c394aa1e48cba747b406ab7687d57b089be9ef246aa76cf7a096bac22a98985d3d03ac198f9c65ab978a1c3aef1e9669e347bef9b008dcf2ad1c03503f579b5d831a460267ff37159950818b3d1106aee10d973bb8b6ecfc2c96a60a3f5e024d3556e55c7471092e4da618b1f610e9cff8f8b1b6d9881ce9275b5c70af45c617d94730e03a6313a353d5900fda3b1c000daff1756b4dfc0a4fa12ed4470df35d2996370e4a45c02baadd72da7d9f7715ba0c6d2887df6ebb1acdc94902e6f3936e0ba4001402e4c424e2c48d696e59a7daa8e22f6b4cc2ac637ec263dfbdf7dc1bed0c44dd5d8b61119903422a680dcfbdb07010cd0389c3f3c415d8702cf5626fd8c8e70118bcf1280c8dd187c46d945813ff138f876ebe159ae5ba86d2fee5fc88\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147760);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/16\");\n\n script_cve_id(\"CVE-2020-3401\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvt74757\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-vmandowndir-CVGvdKM3\");\n\n script_name(english:\"Cisco SD-WAN vManage Software Path Traversal (cisco-sa-vmandowndir-CVGvdKM3)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Cisco SD-WAN vManage Software installed on the remote host is affected by a vulnerability as referenced\nin the cisco-sa-vmandowndir-CVGvdKM3 advisory.\n\n - A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an\n authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files\n on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker\n could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal\n character sequences to the affected system. A successful exploit could allow the attacker to view\n arbitrary files on the affected system. (CVE-2020-3401)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmandowndir-CVGvdKM3\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a0db624c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt74757\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvt74757\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-3401\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:sd-wan_vmanage\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_vedge_detect.nbin\");\n script_require_keys(\"Cisco/Viptela/Version\");\n\n exit(0);\n}\n\ninclude('ccf.inc');\n\nproduct_info = cisco::get_product_info(name:'Cisco Viptela');\n\nif ('vmanage' >!< tolower(product_info['model']))\n audit(AUDIT_HOST_NOT, 'an affected model');\n\nvuln_ranges = [\n {'min_ver': '0.0','fix_ver': '19.2.3.0'}\n];\n\nreporting = make_array(\n 'port' , 0,\n 'severity' , SECURITY_WARNING,\n 'bug_id' , 'CSCvt74757',\n 'version' , product_info['version'],\n 'disable_caveat', TRUE\n);\n\ncisco::check_and_report(\n product_info:product_info,\n vuln_ranges:vuln_ranges,\n reporting:reporting\n);\n", "naslFamily": "CISCO", "cpe": ["cpe:/a:cisco:sd-wan_vmanage"], "solution": "Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvt74757", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2020-3401", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2020-07-15T00:00:00", "vulnerabilityPublicationDate": "2020-07-16T00:00:00", "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}
{"cisco": [{"lastseen": "2021-09-02T22:31:29", "description": "A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system.\n\nThe vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to the affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system.\n\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmandowndir-CVGvdKM3 [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmandowndir-CVGvdKM3\"]", "cvss3": {}, "published": "2020-07-15T16:00:00", "type": "cisco", "title": "Cisco SD-WAN vManage Software Path Traversal Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-3401"], "modified": "2020-07-15T16:00:00", "id": "CISCO-SA-VMANDOWNDIR-CVGVDKM3", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmandowndir-CVGvdKM3", "cvss": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "cve": [{"lastseen": "2022-03-23T17:44:54", "description": "A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to the affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-16T18:15:00", "type": "cve", "title": "CVE-2020-3401", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-3401"], "modified": "2020-07-23T15:03:00", "cpe": ["cpe:/o:cisco:sd-wan_firmware:19.2.2"], "id": "CVE-2020-3401", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3401", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:cisco:sd-wan_firmware:19.2.2:*:*:*:*:*:*:*"]}]}
