5.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
5.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
#TRUSTED 8fad9f8fef8af15934b99457d8c31cbd14e4da45d143113aa3efb2266f8b14c8d8de9c4bacbb3dc7a3796f0b077e5e4892d1fc9d6e367f7b36bf25ba4b3535191172265e74fe3c0747d80157edd974895ba3cd8975c964a30a65d5ebc120c3cf9f0e67efe7c9247c117053d2343fac47f5b9973221595a46373cf506dae99108ea050a4e3a6f4964065af1a97883ba003606a0ea960ce99f1110db38ef8daa35bf0d41d993784d7f134f4d75da286abb9d483e31117a97c46879a1c30cb3c09182dd8616c490798197201fadc62b890215dfed27064d9690ab9192adde55c20b0045e8b49eef5602815adc6c74daf6e1ea53823b9b0c18d0288c2e5729a091b60eb3ac52517eafeaee7b7c01f6420b37b9288a0fa1675f10281fc841f9ed058fa006e7c58b25194bf2fdbd5b95ff958b20e15fb2487f359e8eee07218ac670e077ef3a78b2dcf6bf980568ef99061becbd2e121cf20e875a9ed18b45e4795d6b135c06e7c16d5b5e0123457ed968fa44b3f1bd2c71a63ca8033ea6b859b8d7024fcc7a0a8bbe2f1b79a99fdd1a08776d98724a6b5ec95d245e371df9454e073f10336486275803b5eb23b18a6cea418c401f69770d844bc9b92d0f38cfad011c2a508123b38dea61252209fe66694583ae318ad5b5481fd67e4e4a1066edeb6ac48333c026c6f6a1220981dd922ef9547603c50c7cf66902a151316773261437
#TRUST-RSA-SHA256 845b299873a834c39a48e6dd34efebc4e1e3567441eeb6e818b6e4ea0b8f889ce13ac96fac64b22fa172f08104b0ef921e22e4b66fad554979aaefc6d54fd6373ac42223057b544a679de91ad4d157f4152aaf8b09f01b06989c2a10d197cdaf99c3e7619381626cbda0412540486ba65442ab6156395822094ee7fc6812c683a12b3c42897509dddb2057ca786a30297e31cfcfb1fb91be5c898582679a936c5c8474b81e2483fe4df4152c777e36d3297ffd508f40328f722a70f4f6df43fea7a2a7fa4333b0106180c91d3c0238c52d81403865c6f7c2f394bbb1f70d1c6794cacbfbbaa2909850243497a36e0f1839a5468d1f679e037137ecf4276a1d0cb6e2a7ff339e3589847a483ed995d4226eae212e2dcd3949a4651aae446d375a73ba30cfc2ca08e374143f0f1ebd72367cc95d22edf5e4db479a96da444a19b7b3b0245772a6c8e10536189b733dcb2ac35d5afae1bc21d4f4fa5c2e821ce0ac028b4a347840af8aad24b636aa3efcb40c6903106ae95504d44c5182c5c11d3144b99ac291d4d80f1059f11930f929ecb0772130d114919154a93bebe1ca420039e49ff05b583582e8a7dd89717fd88c160529c4931412ae5661cde5a349193cd33fe65eda94e153ab0057198bda312d2c9a7bc00b108ecf543257b9ee55d2e2aac3401e0498daea2e5f46af97591074655879c883d57fe882557e4cc8c26a97
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(192655);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/05");
script_cve_id("CVE-2024-20316");
script_xref(name:"CISCO-BUG-ID", value:"CSCwe12169");
script_xref(name:"CISCO-BUG-ID", value:"CSCwf92391");
script_xref(name:"CISCO-SA", value:"cisco-sa-dmi-acl-bypass-Xv8FO8Vz");
script_xref(name:"IAVA", value:"2024-A-0188");
script_name(english:"Cisco IOS XE Software NETCONF/RESTCONF IPv4 Access Control List Bypass (cisco-sa-dmi-acl-bypass-Xv8FO8Vz)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability.
- A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an
unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4
access control list (ACL). This vulnerability is due to improper handling of error conditions when a
successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol,
and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit
this vulnerability by accessing resources that should have been protected across an affected device.
(CVE-2024-20316)
Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dmi-acl-bypass-Xv8FO8Vz
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?af639aa5");
# https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75056
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a1da659d");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe12169");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf92391");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwe12169, CSCwf92391");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-20316");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(390);
script_set_attribute(attribute:"vuln_publication_date", value:"2024/03/27");
script_set_attribute(attribute:"patch_publication_date", value:"2024/03/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/28");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_xe_version.nasl");
script_require_keys("Host/Cisco/IOS-XE/Version");
exit(0);
}
include('cisco_workarounds.inc');
include('ccf.inc');
var product_info = cisco::get_product_info(name:'Cisco IOS XE Software');
var version_list=make_list(
'16.3.1',
'16.3.1a',
'16.3.2',
'16.3.3',
'16.3.4',
'16.3.5',
'16.3.5b',
'16.3.6',
'16.3.7',
'16.3.8',
'16.3.9',
'16.3.10',
'16.3.11',
'16.4.1',
'16.4.2',
'16.4.3',
'16.5.1',
'16.5.1a',
'16.5.1b',
'16.5.2',
'16.5.3',
'16.6.1',
'16.6.2',
'16.6.3',
'16.6.4',
'16.6.4a',
'16.6.4s',
'16.6.5',
'16.6.5a',
'16.6.5b',
'16.6.6',
'16.6.7',
'16.6.7a',
'16.6.8',
'16.6.9',
'16.6.10',
'16.7.1',
'16.7.2',
'16.7.3',
'16.8.1',
'16.8.1a',
'16.8.1b',
'16.8.1c',
'16.8.1s',
'16.8.2',
'16.8.3',
'16.9.1',
'16.9.1a',
'16.9.1b',
'16.9.1c',
'16.9.1d',
'16.9.1s',
'16.9.2',
'16.9.2a',
'16.9.2s',
'16.9.3',
'16.9.3a',
'16.9.3h',
'16.9.3s',
'16.9.4',
'16.9.4c',
'16.9.5',
'16.9.5f',
'16.9.6',
'16.9.7',
'16.9.8',
'16.9.8a',
'16.9.8b',
'16.9.8c',
'16.10.1',
'16.10.1a',
'16.10.1b',
'16.10.1e',
'16.10.1s',
'16.10.2',
'16.10.3',
'16.11.1',
'16.11.1a',
'16.11.1b',
'16.11.1c',
'16.11.1s',
'16.11.2',
'16.12.1',
'16.12.1a',
'16.12.1c',
'16.12.1s',
'16.12.1t',
'16.12.2',
'16.12.2a',
'16.12.2s',
'16.12.2t',
'16.12.3',
'16.12.3a',
'16.12.3s',
'16.12.4',
'16.12.4a',
'16.12.5',
'16.12.5a',
'16.12.5b',
'16.12.6',
'16.12.6a',
'16.12.7',
'16.12.8',
'16.12.9',
'16.12.10',
'16.12.10a',
'16.12.11',
'17.1.1',
'17.1.1a',
'17.1.1s',
'17.1.1t',
'17.1.2',
'17.1.3',
'17.2.1',
'17.2.1a',
'17.2.1r',
'17.2.1v',
'17.2.2',
'17.2.3',
'17.3.1',
'17.3.1a',
'17.3.2',
'17.3.2a',
'17.3.3',
'17.3.3a',
'17.3.4',
'17.3.4a',
'17.3.4b',
'17.3.4c',
'17.3.5',
'17.3.5a',
'17.3.5b',
'17.3.6',
'17.3.7',
'17.3.8',
'17.3.8a',
'17.4.1',
'17.4.1a',
'17.4.1b',
'17.4.1c',
'17.4.2',
'17.4.2a',
'17.5.1',
'17.5.1a',
'17.5.1b',
'17.5.1c',
'17.6.1',
'17.6.1a',
'17.6.2',
'17.6.3',
'17.6.3a',
'17.6.4',
'17.6.5',
'17.6.5a',
'17.6.6',
'17.6.6a',
'17.7.1',
'17.7.1a',
'17.7.1b',
'17.7.2',
'17.8.1',
'17.8.1a',
'17.9.1',
'17.9.1a',
'17.9.2',
'17.9.2a',
'17.9.3',
'17.9.3a',
'17.9.4',
'17.9.4a',
'17.10.1',
'17.10.1a',
'17.10.1b',
'17.11.1',
'17.11.1a',
'17.11.99SW',
'17.12.1',
'17.12.1a',
'17.12.2',
'17.12.2a'
);
var workarounds = make_list(CISCO_WORKAROUNDS['generic_workaround']);
var workaround_params = [
WORKAROUND_CONFIG['netconf'],
WORKAROUND_CONFIG['netconf_or_restconf']
];
var reporting = make_array(
'port' , product_info['port'],
'severity', SECURITY_WARNING,
'version' , product_info['version'],
'bug_id' , 'CSCwe12169, CSCwf92391'
);
cisco::check_and_report(
product_info:product_info,
workarounds:workarounds,
workaround_params:workaround_params,
reporting:reporting,
vuln_versions:version_list
);
5.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
5.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%