Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.CISCO-SN-CVE-2014-7996-UCS.NASL
HistoryMay 01, 2015 - 12:00 a.m.

Cisco Unified Computing System Integrated Management Controller XSRF (CSCuq45477)

2015-05-0100:00:00
This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
www.tenable.com
21

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.002

Percentile

58.4%

JSON

A vulnerability in the web framework of the Cisco Unified Computing System Integrated Management Controller can allow an unauthenticated, remote attacker to perform a cross-site request forgery attack.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(83183);
  script_version("1.4");
  script_cvs_date("Date: 2018/11/15 20:50:20");

  script_cve_id("CVE-2014-7996");
  script_bugtraq_id(71171);
  script_xref(name:"CISCO-BUG-ID", value:"CSCuq45477");

  script_name(english:"Cisco Unified Computing System Integrated Management Controller XSRF (CSCuq45477)");
  script_summary(english:"Checks the UCS version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is affected by a cross-site request forgery
vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability in the web framework of the Cisco Unified Computing
System Integrated Management Controller can allow an unauthenticated,
remote attacker to perform a cross-site request forgery attack.");
  # http://tools.cisco.com/security/center/viewAlert.x?alertId=36456
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e45e7335");
  script_set_attribute(attribute:"solution", value:
"Contact the vendor for a fix or workaround. Also, refer to Cisco bug
ID CSCuq45477 for patches that might possibly be available.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:unified_computing_system");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/01");

  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
  script_family(english:"CISCO");

  script_dependencies("cisco_ucs_manager_version.nasl");
  script_require_keys("installed_sw/cisco_ucs_manager");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

app = "Cisco UCS Manager";
get_install_count(app_name:'cisco_ucs_manager', exit_if_zero:TRUE);

port = get_http_port(default:80);
install = get_single_install(app_name:'cisco_ucs_manager', port:port, exit_if_unknown_ver:TRUE);

url = build_url(qs:install['path'], port:port);
version = install['version'];

match = eregmatch(pattern:"^([0-9.]+)\(([^)]+)\)", string:version);
if (isnull(match)) audit(AUDIT_VER_NOT_GRANULAR, app, port, version);

major = match[1];
build = match[2];

# Advisory specifies the following as vulnerable:
# 1.4 1i, 1j, 1m, 3i, 3l, 3m, 3q, 3s, 3u, 3y, 4f, 4g, 4i, 4j, 4k, 4l
# 2.0 1q, 1s, 1t, 1w, 1x, 2m, 2q, 2r, 3a, 3b, 3c, 4a, 4b, 4d, 5a, 5b, 5c, 5d, 5e, 5f
# 2.1 1a, 1b, 1d, 1e, 1f, 2a, 2c, 2d, 3a, 3b, 3c, 3d, 3e, 3f
# 2.2 1b, 1c, 1d, 1e, 2c, 2d, 2e, 3a, 3b, 3c
# 3.0 1c
if (
  (major == '3.0' && build == '1c') ||
  (major == '2.0' && build =~ '^(1[qstwx]|2[mqr]|3[abc]|4[abd]|5[abcdef])$') ||
  (major == '2.1' && build =~ '^(1[abdef]|2[acd]|3[abcdef])$') ||
  (major == '2.2' && build =~ '^(1[bcde]|2[cde]|3[abc])$' ||
  (major == '1.4' && build =~ '^(1[ijm]|3[ilmqsuy]|4[fgijkl])$'))
)
{
  set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);

  if (report_verbosity > 0)
  {
    report =
      '\n  URL               : ' + url +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : See vendor.' +
      '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(0);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, 'Cisco UCS Manager', url, version);
VendorProductVersionCPE
ciscounified_computing_systemcpe:/h:cisco:unified_computing_system

Related

cvelist 1
nvd 1
cve 1
cisco 1
prion 1
cvelist
cvelist
CVE-2014-7996
2014-11-18 23:00:00
nvd
nvd
CVE-2014-7996
2014-11-18 23:59:04
cve
cve
CVE-2014-7996
2014-11-18 23:59:04
cisco
cisco
Cisco Integrated Management Controller Cross-Site Request Forgery Vulnerability
2014-11-18 19:20:10
prion
prion
Cross site request forgery (csrf)
2014-11-18 23:59:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.002

Percentile

58.4%

JSON
Related for CISCO-SN-CVE-2014-7996-UCS.NASL
cvelist1nvd1cve1cisco1prion1