8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
56.8%
According to its self-reported version, Cisco Identity Services Engine is affected by a path traversal vulnerability. This could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request with absolute path sequences. A successful exploit could allow the attacker to upload malicious files to arbitrary locations within the file system. Using this method, it is possible to access the underlying operating system and execute commands with system privileges.
Please see the included Cisco BID and Cisco Security Advisory for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(166907);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/25");
script_cve_id("CVE-2022-20962");
script_xref(name:"CISCO-BUG-ID", value:"CSCwb75941");
script_xref(name:"CISCO-SA", value:"cisco-sa-ise-path-trav-f6M7cs6r");
script_xref(name:"IAVA", value:"2022-A-0462-S");
script_name(english:"Cisco Identity Services Engine Path Traversal (cisco-sa-ise-path-trav-f6M7cs6r)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco Identity Services Engine is affected by a path traversal vulnerability.
This could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected
device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by
sending a crafted HTTP request with absolute path sequences. A successful exploit could allow the attacker to upload
malicious files to arbitrary locations within the file system. Using this method, it is possible to access the
underlying operating system and execute commands with system privileges.
Please see the included Cisco BID and Cisco Security Advisory for more information.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-f6M7cs6r
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?81f3ee5f");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb75941");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwb75941");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-20962");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(37);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/11/02");
script_set_attribute(attribute:"patch_publication_date", value:"2022/11/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/03");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:identity_services_engine");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:identity_services_engine");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:identity_services_engine_software");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ise_detect.nbin");
script_require_keys("Host/Cisco/ISE/version");
exit(0);
}
include('ccf.inc');
include('cisco_ise_func.inc');
var product_info = cisco::get_product_info(name:'Cisco Identity Services Engine Software');
var vuln_ranges = [ {'min_ver':'3.1', 'fix_ver':'3.1.0.518', required_patch:'4'}];
var required_patch = get_required_patch(vuln_ranges:vuln_ranges, version:product_info['version']);
if (empty_or_null(required_patch))
audit(AUDIT_HOST_NOT, 'affected');
var reporting = make_array(
'port' , 0,
'severity' , SECURITY_HOLE,
'version' , product_info['version'],
'bug_id' , 'CSCwb75941',
'disable_caveat', TRUE,
'fix' , 'See vendor advisory'
);
cisco::check_and_report(
product_info:product_info,
reporting:reporting,
vuln_ranges:vuln_ranges,
required_patch:required_patch
);
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | identity_services_engine | cpe:/h:cisco:identity_services_engine | |
cisco | identity_services_engine | cpe:/a:cisco:identity_services_engine | |
cisco | identity_services_engine_software | cpe:/a:cisco:identity_services_engine_software |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
56.8%