Lucene search

K
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.IVANTI_POLICY_SECURE_CVE-2023-38551.NASL
HistoryMay 24, 2024 - 12:00 a.m.

Ivanti Policy Secure 22.x XSS Vulnerability

2024-05-2400:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
ivanti policy secure
xss vulnerability
cross-site scripting
authenticated user
security advisory
crlf vulnerability

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

The Ivanti Policy Secure installed on the remote host is 9.x or 22.x. It is, therefore, affected by a CRLF vulnerability. This vulnerability allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (c) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(197883);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/27");

  script_cve_id("CVE-2023-38551");
  script_xref(name:"IAVA", value:"2024-A-0307");

  script_name(english:"Ivanti Policy Secure 22.x XSS Vulnerability");

  script_set_attribute(attribute:"synopsis", value:
"A NAC solution installed on the remote host is affected by a cross-site scripting vulnerability.");
  script_set_attribute(attribute:"description", value:
"The Ivanti Policy Secure installed on the remote host is 9.x or 22.x. It is, therefore, affected by 
a CRLF vulnerability.  This vulnerability allows an authenticated high-privileged user to inject 
malicious code on a victim’s browser, thereby leading to cross-site scripting attack.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://forums.ivanti.com/s/article/KB-Security-Advisory-Ivanti-Connect-Secure-Ivanti-Policy-Secure-May-2024?language=en_US
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4997df12");
  script_set_attribute(attribute:"solution", value:
"See vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:M/C:P/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-38551");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/05/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/05/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/24");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:pulsesecure:pulse_policy_secure");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("pulse_policy_secure_detect.nbin");
  script_require_keys("installed_sw/Pulse Policy Secure");

  exit(0);
}

include('vcf.inc');
include('http.inc');

var port = get_http_port(default:443);
var app_info = vcf::get_app_info(app:'Pulse Policy Secure', port:port);

var constraints = [
  {'min_version':'22', 'fixed_version':'22.7.1.2615', 'fixed_display': '22.7R1 (Build 2615)'}  # 22.7R1
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

VendorProductVersionCPE
pulsesecurepulse_policy_securecpe:/a:pulsesecure:pulse_policy_secure

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for IVANTI_POLICY_SECURE_CVE-2023-38551.NASL