nessus — This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. — CISCO-SA-20150211-CSACS.NASL
History: Feb 20, 2015 - 12:00 a.m.

Cisco Secure Access Control System SQLi Vulnerability (cisco-sa-20150211-csacs)

2015-02-20 00:00:00
This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS

0.002

Percentile

61.4%

The version of Cisco Secure Access Control System (ACS) running on the remote host is prior to 5.5 patch 7. It is, therefore, affected by a SQL injection vulnerability because user input to the ACS View reporting interface pages is not properly sanitized. An authenticated, remote attacker, using crafted HTTP requests, can disclose or modify arbitrary data in the ACS View databases by injecting or manipulating SQL queries. Note that the plugin below reaches this conclusion by comparing the recorded ACS version against the fixed version; it does not send requests to the reporting interface.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration pass: when `description` is set, only the plugin metadata below
# is declared and the script exits (exit(0) at the end of this block) before
# any version check runs.
if (description)
{
  script_id(81421);
  script_version("1.8");
  script_cvs_date("Date: 2019/11/25");

  # Identifiers the finding is cross-referenced against (CVE, Bugtraq ID,
  # Cisco bug ID and Cisco security advisory).
  script_cve_id("CVE-2015-0580");
  script_bugtraq_id(72576);
  script_xref(name:"CISCO-BUG-ID", value:"CSCuq79027");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20150211-csacs");

  script_name(english:"Cisco Secure Access Control System SQLi Vulnerability (cisco-sa-20150211-csacs)");
  # The summary states the detection method: a version check, not a probe of
  # the affected reporting pages.
  script_summary(english:"Checks the ACS version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The version of Cisco Secure Access Control System (ACS) running on the
remote host is prior to 5.5 patch 7. It is, therefore, affected by a
SQL injection vulnerability due to not properly sanitizing user input
to the ACS View reporting interface pages. An authenticated, remote
attacker, using crafted HTTP requests, can disclose or modify
arbitrary data in the ACS View databases by injecting or manipulating
SQL queries.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e9cfc99c");
  script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/security/center/viewAlert.x?alertId=37354");
  script_set_attribute(attribute:"solution", value:
"Upgrade to version 5.5 patch 7 or later.");
  # CVSS v2 base vector: network-reachable (AV:N), low complexity (AC:L) and
  # Au:S, i.e. one set of valid credentials is needed - consistent with the
  # "authenticated, remote attacker" wording in the description attribute.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  # Temporal vector: E:U (exploit unproven), RL:OF (official fix available),
  # RC:C (report confirmed).
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-0580");

  # Exploit-availability metadata as recorded by the plugin author; it matches
  # the E:U temporal metric above.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # As recorded here, the patch date (2014/11/17) precedes the vulnerability
  # publication date (2015/02/11).
  script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/20");

  # NOTE(review): "local" presumably means the version is gathered on the host
  # by the dependency below rather than inferred from a network probe -
  # confirm in cisco_secure_acs_version.nasl.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:secure_access_control_system");
  script_end_attributes();

  # Information-gathering category; nothing in this script sends a request to
  # the ACS View reporting interface.
  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # The ACS version-detection script is declared as a dependency, and both KB
  # keys are required: they are the same two keys the check reads with
  # get_kb_item_or_exit() after this block.
  script_dependencies("cisco_secure_acs_version.nasl");
  script_require_keys("Host/Cisco/ACS/Version", "Host/Cisco/ACS/DisplayVersion");

  # End of the registration pass.
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

# Both values are read from the knowledge base. `ver` is the string that gets
# compared; `display_ver` is only used in the report and audit message.
ver = get_kb_item_or_exit("Host/Cisco/ACS/Version");
display_ver = get_kb_item_or_exit("Host/Cisco/ACS/DisplayVersion");

# First fixed release. NOTE(review): the trailing ".7" presumably encodes
# "patch 7" of 5.5 - confirm against the vendor advisory.
fix = '5.5.0.46.7';

# The result rests on a version comparison alone: any recorded version that
# sorts below `fix` is reported, and everything else is audited as not
# vulnerable. A wrong or stale KB version therefore yields a wrong result in
# either direction; verify the patch level on the appliance when in doubt.
if ( !(ver_compare(ver:ver, fix:fix, strict:FALSE) < 0) )
{
  audit(AUDIT_INST_VER_NOT_VULN, 'Secure ACS', display_ver);
}
else
{
  # Record the finding class in the KB.
  # NOTE(review): presumably read by other plugins - confirm which.
  set_kb_item(name:'www/0/SQLInjection', value:TRUE);

  if ( !(report_verbosity > 0) )
  {
    # Minimal reporting: raise the finding on port 0 with no extra text.
    security_warning(0);
  }
  else
  {
    # Show the installed and fixed versions so the finding can be triaged
    # without re-running the detection script.
    version_info =
      '\n  Installed version : ' + display_ver +
      '\n  Fixed version     : ' + fix + '\n';
    security_warning(port:0, extra:version_info);
  }
}
