5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.002 Low
EPSS
Percentile
55.1%
An authentication bypass vulnerability exists in Cisco IOS XR Software due to a logic error, which prevents the ACL from working when applied against the standby route processor management interface. An unauthenticated, remote attacker can exploit this by attempting to access the device through the standby route processor management interface.
#TRUSTED 64bf6065b6976abaec4c239f4c95fc4cdec609ce9bb2ab6b3ce668eb7aaeb773015882ea810cd496b86fe1fb813ac0299c173d0fe673cc837e0486a7f6bf43eeac725f25e27ce31a9cc145ea12d7c3378aeacca2a76770cd109bd86a6bb47b61182e17ded2136466e3e5083d53b63ec8a891340f4041f9b319de0bd95b4f2fa9e4edf8fecce46c85af0bfc57cc62137070429c2bed21b10edf6efcdeb355e685391478b38f0e1f0b66bb9fd705ad2fa090be8b4147fdbb072191b0ca426e3b44878598770613512cdebdfb90ac3cfe4131d93b5cda508755e6ab3e2744ee8bdcba4719556fb5944c2b88f69c1d3b96f7800c54fbfc58686fb05359bac8c5628e6e65c9f370be3b86d1ec81fa00baa3d41c83e20389254ad59f5586892e338153c423aada21988958ba3c5406b242ee09992579aeca8e7fad39d9b77819419319258f8030060f520164c02ee52eb535a7e08a2d24ef574d1afd722108c0ef6c1834bc780d96e8c259f7dbfc481d01bc9190e273ea2df6effe45e95547328ff091c72c872c6f8138a1265b120ec12df585fe5ec8cfa78156c6740d06b1e83598ac658127f5cf09f744e306c3ceeb85fa4655b44686521931d4c4e60a9fa2f5dca892d79ac4c24d4d23326577e04b35ce8ffd1c994795afd480b555882592297a9bf1fba0cabb19502b07d916e8ea1454172a9d19f3eb76ba402056b6a4bedb1348
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(137851);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/09/10");
script_cve_id("CVE-2020-3364");
script_xref(name:"CISCO-BUG-ID", value:"CSCvt55079");
script_xref(name:"CISCO-SA", value:"cisco-sa-xracl-zbWSWREt");
script_xref(name:"IAVA", value:"2020-A-0278-S");
script_name(english:"Cisco IOS XR Software Standby Route Processor Gigabit Ethernet Management Interface Access Control List Bypass Vulnerability (cisco-sa-xracl-zbWSWREt)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"An authentication bypass vulnerability exists in Cisco IOS XR Software due to a logic error, which prevents the ACL
from working when applied against the standby route processor management interface. An unauthenticated, remote attacker
can exploit this by attempting to access the device through the standby route processor management interface.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xracl-zbWSWREt
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bbea3208");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt55079");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvt55079");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-3364");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(284);
script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/17");
script_set_attribute(attribute:"patch_publication_date", value:"2020/06/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/26");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xr");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_xr_version.nasl");
script_require_keys("Host/Cisco/IOS-XR/Version", "Settings/ParanoidReport");
exit(0);
}
include('cisco_workarounds.inc');
include('ccf.inc');
if (report_paranoia < 2) audit(AUDIT_PARANOID);
product_info = cisco::get_product_info(name:'Cisco IOS XR');
version_list=make_list(
'6.7.1',
'7.0.2',
'7.0.11',
'7.0.12',
'7.1.1',
'7.1.15'
);
reporting = make_array(
'port' , product_info['port'],
'severity' , SECURITY_WARNING,
'version' , product_info['version'],
'bug_id' , 'CSCvt55079',
'disable_caveat', TRUE
);
cisco::check_and_report(
product_info:product_info,
reporting:reporting,
vuln_versions:version_list
);
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.002 Low
EPSS
Percentile
55.1%