CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
9.0%
According to its self-reported version, Cisco IOS XR is affected by a vulnerability.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
#TRUSTED 1c95d0f7e3bc8d3f04cf6f14b0d5bd09cb00004b129dfe963f5308e6d7eb462e8ec4840b79a07c83c3f1f61a4dde25dce1d995c08fa456d31c4eacbe097ffd253edaa6f08e01a6c29c7b81a13ae82d1f522d6701579f523c6a72515da53fbff4611f9913007206acaf5865a37ac94de1561f5131fee20067fd00e5320cacd3b35922e7811dfe392d22a863cf0f7d2d1d7027dd498042c49fe1d72ff0d02289db83875f123261ae76c99e8184031caf265f1167d0fa789f5ed844c6c5b151c0df806fc841a895a68b2a940dd15f116b0e2aaa621c772658d8ba4b2ebf908c1e752db603055078eab930ed8974b99f768badd62370e121439a5b9bea7b2f092250dbb1e6f8cf97e04cbf9ba227a6ba244401ff33201a6086dfe201354e2adc36bffdee58ae8a737e431bd46c5670ebbb5a2a991eb6bfaaf11acb3ef31c2811260a1bafd8913b9cf300081754154998498ea24d795ea7e391dcd8af4b6a09b158ca0761c09bde86e370605dc2498f1b046f01b1a491f98d8f62c6372b87fc7f3d4fd3ffa759da3a0ecdab1ba53b22b3abc93cb9b75298b2c7dcba88948412ad059a7d12d6af5b22c91aa5bea03d9da4309e6c41c3cd8cc67e7c4b751fa983e48e27cd1902bfdbda22fc2177bb7f782a4d831bb6595e6c22b55f1361d1b14a9782c7f6a3127690ff43ab054ce9472b6cd5f1c7265215af43e3a72f723938c6727f4b
#TRUST-RSA-SHA256 0034e02867b0805e1b41fa4a2d341feb3267a4e5aa46cdc5be19f9d0f0ad59f97ea1ecce07a31057107754497afaa7d15cc4e02a21027bd1e8e5312913e89ac4eae1e321ee7791617d20c454f6a2fd4603ff197f7e86891a4347be31dfd3227fa9a5fdb097d144ea5119aeae51c24f0a90bde0256d4fa178983f408a490fd1f70b35d61c175695ff04674de2448a08e5f8b650704c9ba664d5fc4966b862dac3aadf94b10480ac2e4c9fabeaf35e44b11603f1def4672751a8b292f2424045aa5a9b5790fa1060fc0bb2b6f5155741c74630a183c7c8830b810704aa2731d98812f40f223acab2a1121d4ac7203f76315670dfb227c5bfe991d0dfcd84d0066b60cacb4f4fe9e80ba603a8a346ada4a4bd5ac2ca708d242c564ecc7a882f05e7d596382a9331d567cddcdba138cbfa765c980894f11a814d1d6f7fb4a812b6c369112c77d5b2b87a3fc65bf8056ed9c618bbd7ed14507fbf17d8b7a13cac084870088cc5b5faeff306127be1e5b8e873e5c8e68b40f7c6144203e91e5900faa43f5f1efb8f49e9a29d6e8309826a2382319d72b257a53d51182357445cae44a11ce5ac26569ebca77a59d149ee8ecc6f37bc733e58c8c2feb99db02aca1ed34949bbae25e1f25ca35d3c933d0ec60d5b14d9a8d778100ed1321c4a4e4ef1bba482177cb9e949f547414c9df163079cc9af285e488a661a68e12d9bc9d6981691
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(192108);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/13");
script_cve_id("CVE-2024-20262");
script_xref(name:"CISCO-BUG-ID", value:"CSCwf11720");
script_xref(name:"CISCO-SA", value:"cisco-sa-iosxr-scp-dos-kb6sUUHw");
script_xref(name:"IAVA", value:"2024-A-0169-S");
script_name(english:"Cisco IOS XR Software Authenticated CLI SCP/SFTP DoS (cisco-sa-iosxr-scp-dos-kb6sUUHw)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS XR is affected by a vulnerability.
- A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an
authenticated, local attacker to create or overwrite files in a system directory, which could lead to a
denial of service (DoS) condition. The attacker would require valid user credentials to perform this
attack. This vulnerability is due to a lack of proper validation of SCP and SFTP CLI input parameters. An
attacker could exploit this vulnerability by authenticating to the device and issuing SCP or SFTP CLI
commands with specific parameters. A successful exploit could allow the attacker to impact the
functionality of the device, which could lead to a DoS condition. The device may need to be manually
rebooted to recover. Note: This vulnerability is exploitable only when a local user invokes SCP or SFTP
commands at the Cisco IOS XR CLI. A local user with administrative privileges could exploit this
vulnerability remotely. (CVE-2024-20262)
Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-dos-kb6sUUHw
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8466eda9");
# https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75299
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3206828a");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf11720");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwf11720");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-20262");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(269);
script_set_attribute(attribute:"vuln_publication_date", value:"2024/03/13");
script_set_attribute(attribute:"patch_publication_date", value:"2024/03/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/14");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xr");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_xr_version.nasl");
script_require_keys("Host/Cisco/IOS-XR/Version");
exit(0);
}
include('cisco_workarounds.inc');
include('ccf.inc');
var product_info = cisco::get_product_info(name:'Cisco IOS XR');
var reporting = make_array(
'port' , product_info['port'],
'severity', SECURITY_WARNING,
'version' , product_info['version'],
'bug_id' , 'CSCwf11720'
);
var vuln_ranges = [
{'min_ver': '0', 'fix_ver': '7.11.1'},
{'min_ver': '24.1', 'fix_ver': '24.1.1'}
];
cisco::check_and_report(
product_info:product_info,
reporting:reporting,
vuln_ranges:vuln_ranges
);
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
9.0%