Lucene search

HistoryAug 27, 2019 - 12:00 a.m.

Cisco TelePresence VCS / Expressway Series < 12.5 REST API Server-Side Request Forgery Vulnerability

2019-08-2700:00:00

www.tenable.com

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

26.0%

JSON

According to its self-reported version number, the Cisco TelePresence VCS or Expressway Series on the remote host contains a vulnerability in the web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack is commonly referred to as server-side request forgery (SSRF).

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(128177);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2019-1679");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvn33987");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20190206-rest-api-ssrf");

  script_name(english:"Cisco TelePresence VCS / Expressway Series < 12.5 REST API Server-Side Request Forgery Vulnerability");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a security bypass vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Cisco TelePresence
VCS or Expressway Series on the remote host contains a vulnerability
in the web interface of Cisco Expressway Series and Cisco TelePresence
Video Communication Server (VCS) software could allow an authenticated,
remote attacker to trigger an HTTP request from an affected server to
an arbitrary host. This type of attack is commonly referred to as 
server-side request forgery (SSRF).");
  script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/bugsearch/bug/CSCvn33987");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-rest-api-ssrf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ee44583b");
  script_set_attribute(attribute:"solution", value:
"Upgrade to version 12.5 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1679");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/02/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/27");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:telepresence_video_communication_server_software");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:telepresence_video_communication_server");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:telepresence_video_communication_server");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:expressway_software");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_telepresence_video_communication_server_detect.nbin");
  script_require_keys("Cisco/TelePresence_VCS/Version");

  exit(0);
}

include("vcf.inc");

app = "Cisco TelePresence Device";

app_info = vcf::get_app_info(app:app, port:port, kb_ver: 'Cisco/TelePresence_VCS/Version');

constraints = [
  { "min_version" : "8.7", "fixed_version" : "12.5" }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

VendorProductVersionCPE
ciscotelepresence_video_communication_server_softwarecpe:/a:cisco:telepresence_video_communication_server_software
ciscotelepresence_video_communication_servercpe:/a:cisco:telepresence_video_communication_server
ciscotelepresence_video_communication_servercpe:/h:cisco:telepresence_video_communication_server
ciscoexpressway_softwarecpe:/a:cisco:expressway_software

Vendor	Product	CPE
cisco	telepresence_video_communication_server_software	cpe:/a:cisco:telepresence_video_communication_server_software
cisco	telepresence_video_communication_server	cpe:/a:cisco:telepresence_video_communication_server
cisco	telepresence_video_communication_server	cpe:/h:cisco:telepresence_video_communication_server
cisco	expressway_software	cpe:/a:cisco:expressway_software

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1679

www.nessus.org/u?ee44583b

tools.cisco.com/bugsearch/bug/CSCvn33987

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

26.0%

JSON

Related for CISCO_TELEPRESENCE_VCS_CSCVN33987.NASL