Cisco IOS XE Software Web UI Command Injection (cisco-sa-iosxe-webcmdinjsh-UFJxTgZD)

#TRUSTED 30810b2e69af43cdaf6d092ec2e3e4954c96dd56429bb83df373d4cd045bd85cf814e89187744fe6758cba7a4c19464b892779d9dc26734951ee8a54a21c347e61500f4140e399edb94d0da9666d2fb365f3124cc17ca211eb318206a0451dfee7e076c7ded8fadec5c0e9efdbf7735b5078c0d3326efef87d6cd83bfb2d5c691c4ffc6ca74841d9ef1ca22311a863a727967e7d57b6d2fa14af7052221ad8f3b178a2827590c18718c52225d99973a3f70b20abe0e47b2ed4bec78f02f7f39c9e2ee57e2e91e44bc739ca2d85752e1445fea646d9377f4355fa18d9819e87ba9b155a3054068faa17b98535c438b49683ee5cb0bd7a9b24fb34e0448a30d11ef80e10c80d0d128d7319be005ae895c2cc7b2de5dd8f1e583fa6595a1912ae2c52b74f2628f393f9a731f57b80338373028b39574ee31de8862b0ff8ca87c0fd74705c7d00e8dff2eac2af85851668c78360f98c1fa729a337dd0882504b87d12764ea093af0f6aab0a9dfa7dfed88ea7e7bdca4159d152638e3216a2130f4713d99152473003cd8fc07d20f1e9cbdb6464bcf6f7541f319b0a8bdc7fed5483feaa30dabfbd856e01fb6c6b29d531ce85b587c60e797cf57a1521b4317f3e1204f4b1b01d16da55dcdf56c62be5f7fd5b5d7bf0d02ec8a892084124deda69a9df469e952b590ab66820b9842b0696c1fc891b20c2d8c1790be2699237ba3bfa9
#TRUST-RSA-SHA256 2c2c38c63fd9b8c83be8774a6454189141fe6d45946394f5c0e0bfa4e6c2f823e2c91fb70e7052d1840edb12f81588c4d729aaaf0f0ff4de58044d1653616e66afdd3eb4ebd66e686687a9c875d015513948b8c2e489d4d1d67a3d88a3b72fa6df606cc732321f0b6dfb540fe3b8e746da780c49923ce6bb8105e6f0941cf80746c07fc7f424bccbe9dca94d4ad85759a8d62a831537a7bd84c0d1f33905e8ab40f4f5be11f7e19c501f68e141155a1b5807f36d80d786b20003f7bc877ade856a664165a25592999bb34dca527b2dbd7b911d3327c28b4233429eb9cfb37116f4a2f06226e2393998fb3a90338f1a220bc6bdbc290dc206e6a9bc46dd6ed43b6538b8ba75c37c15c15d328f7e890a55b42e4733b4f708bbc60dd75684ccd3bff179f700847a2a385bb8452e83047ca4f7ead663074fb794e070b7a2a81dd23e4b51efde9864feae2b08946a383b9d50155bcc23c8568f665fe99105f59980ad606df70f606e0ecf90606ed0d6ed976b6ba407d65e36adaf23fe8cd1c19048970b98b98fdad973f07e97798f535e085e0e43df9b55fdcaaad5b3133a8c841edf95697e4d5254e1afe31fc5098fdaa259cfad5137af5bc7a93ae259dede642f662bc3ee1132597f31dd4be8984277ebb9c8c802eabd94712b73b81f11378d0daf62b143a9c85f0ca1d61f69dd783f8835119681fe0916da63f645d9fcda69871b
##
# (C) Tenable Network Security, Inc.
##

include('compat.inc');

if (description)
{
  script_id(148103);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/03");

  script_cve_id("CVE-2021-1435");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvq32553");
  script_xref(name:"CISCO-SA", value:"cisco-sa-iosxe-webcmdinjsh-UFJxTgZD");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/11/09");

  script_name(english:"Cisco IOS XE Software Web UI Command Injection (cisco-sa-iosxe-webcmdinjsh-UFJxTgZD)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. Please see the included
Cisco BIDs and Cisco Security Advisory for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webcmdinjsh-UFJxTgZD
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7e57305e");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq32553");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvq32553");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-1435");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(22);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/03/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/03/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/03/25");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_xe_version.nasl");
  script_require_keys("Host/Cisco/IOS-XE/Version");

  exit(0);
}

include('cisco_workarounds.inc');
include('ccf.inc');

product_info = cisco::get_product_info(name:'Cisco IOS XE Software');

version_list=make_list(
  '16.9.1',
  '16.9.1a',
  '16.9.1b',
  '16.9.1c',
  '16.9.1d',
  '16.9.1s',
  '16.9.2',
  '16.9.2a',
  '16.9.2s',
  '16.9.3',
  '16.9.3a',
  '16.9.3h',
  '16.9.3s',
  '16.9.4',
  '16.9.4c',
  '16.9.5',
  '16.9.5f',
  '16.9.6',
  '16.10.1',
  '16.10.1a',
  '16.10.1b',
  '16.10.1c',
  '16.10.1d',
  '16.10.1e',
  '16.10.1f',
  '16.10.1g',
  '16.10.1s',
  '16.10.2',
  '16.10.3',
  '16.11.1',
  '16.11.1a',
  '16.11.1b',
  '16.11.1c',
  '16.11.1s',
  '16.11.2',
  '17.2.1v'
);

workarounds = make_list(
  CISCO_WORKAROUNDS['HTTP_Server_iosxe']
);

workaround_params = {'no_active_sessions' : 1};

reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_HOLE,
  'bug_id'   , 'CSCvq32553',
  'cmds'     , make_list('show running-config'),
  'version'  , product_info['version']
);

cisco::check_and_report(
  product_info:product_info,
  workarounds:workarounds,
  workaround_params:workaround_params,
  reporting:reporting,
  vuln_versions:version_list
);