Lucene search

HistorySep 13, 2019 - 12:00 a.m.

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

2019-09-1300:00:00

www.tenable.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

51.5%

JSON

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

#TRUSTED 6fbce208e66977c4eb806c6dba6d39e1972ef4e2b12fb2f872e04387675ceed72d9dbc9c30636f712790d1727d58a7fe4464aed8057e1d5ebf2a6d041c8982fe940bd284ab1e39531cf6b2ffafc864c8c47b50c1cbe8e760206149cb9a5fb6be5c03b98fbc0e84dbe0c4eac7caa62a9f77ec03bc685ee0bff27672d7a86040948c77feffbb87edec9af3ba7b563eeacf5e0d33b7184be8cae9fd014e12da6189a17401c1ddeff627130255c5357deaeb21a690aea05a7ee1593060de85f917bf5efd0de5a88bdbbb111cd3dfa64d3063b33046e4e043dfa1871e370b74558c3c81077a430f71c1c675bc1bb5eb6929d47b67451e4de0a99be5c4d74ee4ba7a93148d53c40ad3f689f42eb506a7381f3c1aa3c8ec886bff48c2f2941bb4a8dd767995a5103d32c03e9fe77756d6b97a4a2f2cd560c716f6214cb5f95d683995d2391ae65aed2b5ed750f8264b2207852e9a831f274f632e2fdf6c25ceaa0468c2cbab6624001c30d3d2e36c89e7cc0df0c9ec9cddd7bd2a8e45adc516500c545a9ca6c8b8ea59ab06395b02abcd7b573f4e85424a354f5e880bf8c16aeae4adcc41edafdfd99e7cd45174e835619395f2ba0e3c1cd3303afe2e1e373b64d97c1a5e6ec0bbb759ae01267d2592d141396ca3aad8726e01ca19bf0f605cf537831d747bce64bd07129feddffb7a1d665ac172b08fd64dda8242cdbac8491e9e379d
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(128761);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/04/06");

  script_cve_id("CVE-2019-12644");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvp98851");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20190904-ise-xss");

  script_name(english:"Cisco Identity Services Engine Cross-Site Scripting Vulnerability");
  script_summary(english:"Checks Cisco Identity Services Engine version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"A vulnerability in the web-based management interface of Cisco
Identity Services Engine (ISE) Software could allow an
unauthenticated, remote attacker to conduct a cross-site scripting
(XSS) attack against a user of the web-based management interface of
an affected device. The vulnerability exists because the web-based
management interface of the affected device does not properly validate
user-supplied input. An attacker could exploit this vulnerability by
persuading a user to click a crafted link. A successful exploit could
allow the attacker to execute arbitrary script code in the context of
the affected interface or access sensitive, browser-based information.

Please see the included Cisco BIDs and Cisco Security Advisory for
more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-ise-xss
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0e2b423a");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp98851");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvp98851");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12644");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(79);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:identity_services_engine");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:identity_services_engine");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:identity_services_engine_software");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ise_detect.nbin");
  script_require_keys("Host/Cisco/ISE/version");

  exit(0);
}

include('audit.inc');
include('cisco_workarounds.inc');
include('ccf.inc');

product_info = cisco::get_product_info(name:'Cisco Identity Services Engine Software');

# 'At the time of publication, this vulnerability affected Cisco ISE Software
# releases earlier than Release 2.6.0.' - Cisco
# advisory updated and Release 2.4.0.357 Patch 10
vuln_ranges = [
  { 'min_ver': '0.0',      'fix_ver': '2.4.0.357'} , 
  { 'min_ver' : '2.5.0',   'fix_ver' : '2.6.0' }
];

workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);
workaround_params = make_list();

required_patch = '';
if (product_info['version'] =~ "^2\.4\.0($|[^0-9])") required_patch = '10';

reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_WARNING,
  'version'  , product_info['version'],
  'bug_id'   , 'CSCvp98851',
  'xss'      , TRUE
);

cisco::check_and_report(
  product_info      : product_info,
  workarounds       : workarounds,
  workaround_params : workaround_params,
  reporting         : reporting,
  vuln_ranges       : vuln_ranges,
  required_patch    : required_patch
);

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12644

www.nessus.org/u?0e2b423a

bst.cloudapps.cisco.com/bugsearch/bug/CSCvp98851

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

51.5%

JSON

Related for CISCO-SA-20190904-ISE-XSS.NASL