Cisco IOS Software SNMP Extended Named Access Control List Bypass (cisco-sa-snmp-uwBXfqww)

2024-04-1900:00:00

www.tenable.com

cisco

snmp

access control list

7.1 High

AI Score

Confidence

Low

0 Low

EPSS

Percentile

0.0%

JSON

According to its self-reported version, Cisco IOS is affected by a vulnerability.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

#TRUSTED 1f7a313b72d039dd9461d59c39ab16c54682fdf04d7e39304d6a99c2099020799e5bb4016969d5c4eba93559ce2dd80f3b23eca9c6a72e5bec211509c80529f49388cd8f751abf8cc321ea3692c27012bb46ab7fe9025c5cb316e750b148898b7a7c92a72b2d82b38e0bf52ed63dfc7204e024528d894d982a50cf331b03be92fd41a5c1b37d41338d9b15d0209334450cce4366b6165b1bbe224e2e90829dbaeff02d11abd572b46d9b12b61c9feaf1391dfe0afb547890fe2d170e7b1a89e12be94ae63aeea694576c4432658d92715f814aff6cb8e631865c8fe91457739602959fa1caa3ed10ddb8d164cb5a65a7c702d05940ed978f887f2663ef90f223401b1df2d7c1032792d11ece67efde6d03f9a512628f47de4c04a4aee94e40f8c578215b9603866a6a56a73039befd77125c807034d238569960e33c119635077477c89f110f3b28743a8b782f19cc8ddf38dac6cc6a138a4703d378164ebe3d9d618d58619862a9bfbc54c3a9238b4e007683491e886366e0edd23a639a19d10164e06afe822d265c8cfc1c67cb39c60f33a122a8c6a269d0ebec9e71a4fa65a5609a9593f7c6b112c34bf852f6b27116b0c16bf9618428a518786f00be10d827c357afc8db5d2f47d7097944bbc861123f5d3c450e5fb8e7adb2810838be059b4fd5b25c857cc6ddc5e9862e6712379dc92144cc6fa1efb649cd991c06b754
#TRUST-RSA-SHA256 a0a7041fef960fe2e9f8c10f7e17b8cc85f4c8218b65a93872fed05491d5efe27a25c165439ac29377474760c44b1cc8845d28f25cf94b7ca37211f903a341fd092f4348a5fb20e49294f34d0388de08b05b089140b14f6ae7849255267fc502aec3ff2f5113bf3dc0c1423f2bf916443516bb2aff70c50a49ea6bdb84def2750788972a94cd23f2933bef5ab63d8248fb62e8f623c5ca810cc1931b0f780905895869f8116b9b63fe077867a81137afcd40a6b3e4e8d1caeb0432625f22b9c23f4dc2ff7787936cfaffddba5f2048ca0c3a6f6faa8a7fb7edc0104576e2695e193393056e8e45a9ac6a398e82c98189a83fc7d879b5f115537d56da2b5d8a12a5079e282bd7543d0214d975bfd8164e07137de87d807fd1a69a74beac1d3eae45269b037f66e153ec173797491c1a2236aea7eba836f9803e868c05720fdd3f8e0bbf19f4482b3189490a444290a75ddf8c00fa865210bb9566a021891c552bfc62c7c1a4776a0602c59115b69346f831a356800b07bc4f76e8398e115ca9e52dd41393bde855fd9dda6609d1d2100271f0e31587565688dd1ff4492943d0411b831b0bd9f785c9b09396377d1f30d9e6ca4688a5770521191cbe3ffc812a31201ec587a8c846fd0cfbab16c980e5d9d94cdd9804429ffc774c9303895e76af1746e81b0081f39f5d5e32157a47732554236d80bf8dcf629f0b4d70cadec482
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(193583);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/19");

  script_cve_id("CVE-2024-20373");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwe24431");
  script_xref(name:"CISCO-SA", value:"cisco-sa-snmp-uwBXfqww");
  script_xref(name:"IAVA", value:"2024-A-0251");

  script_name(english:"Cisco IOS Software SNMP Extended Named Access Control List Bypass (cisco-sa-snmp-uwBXfqww)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS is affected by a vulnerability.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d2d0fc83");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe24431");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwe24431");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-20373");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(284);

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/19");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_version.nasl");
  script_require_keys("Host/Cisco/IOS/Version", "Settings/ParanoidReport");

  exit(0);
}

include('cisco_workarounds.inc');
include('ccf.inc');

if (report_paranoia < 2) audit(AUDIT_PARANOID);

var product_info = cisco::get_product_info(name:'Cisco IOS');

var version_list=make_list(
  '12.2(6)I1',
  '15.1(3)SVR1',
  '15.1(3)SVR2',
  '15.1(3)SVR3',
  '15.1(3)SVR10',
  '15.1(3)SVS',
  '15.1(3)SVS1',
  '15.1(3)SVT1',
  '15.1(3)SVT2',
  '15.1(3)SVT3',
  '15.1(3)SVT4',
  '15.1(3)SVU1',
  '15.1(3)SVU2',
  '15.1(3)SVU10',
  '15.1(3)SVU11',
  '15.1(3)SVU20',
  '15.1(3)SVU21',
  '15.1(3)SVV1',
  '15.1(3)SVV2',
  '15.1(3)SVV3',
  '15.1(3)SVV4',
  '15.1(3)SVW',
  '15.1(3)SVW1',
  '15.1(3)SVX',
  '15.1(3)SVX1',
  '15.2(1)SY3',
  '15.2(1)SY4',
  '15.2(1)SY5',
  '15.2(1)SY6',
  '15.2(1)SY7',
  '15.2(1)SY8',
  '15.2(2)SY1',
  '15.2(2)SY2',
  '15.2(2)SY3',
  '15.2(4)E2',
  '15.2(4)E3',
  '15.2(4)E4',
  '15.2(4)E5',
  '15.2(4)E5a',
  '15.2(4)E6',
  '15.2(4)E7',
  '15.2(4)E8',
  '15.2(4)E9',
  '15.2(4)E10',
  '15.2(4)E10a',
  '15.2(4)E10b',
  '15.2(4)E10c',
  '15.2(4)E10d',
  '15.2(4)E10e',
  '15.2(4m)E2',
  '15.2(4m)E3',
  '15.2(4n)E2',
  '15.2(4o)E2',
  '15.2(4o)E3',
  '15.2(4p)E1',
  '15.2(4q)E1',
  '15.2(4s)E1',
  '15.2(5)E',
  '15.2(5)E1',
  '15.2(5)E2',
  '15.2(5)E2b',
  '15.2(5)E2c',
  '15.2(5)EA',
  '15.2(5)EX',
  '15.2(5a)E',
  '15.2(5a)E1',
  '15.2(5b)E',
  '15.2(5c)E',
  '15.2(6)E',
  '15.2(6)E0a',
  '15.2(6)E0c',
  '15.2(6)E1',
  '15.2(6)E1a',
  '15.2(6)E1s',
  '15.2(6)E2',
  '15.2(6)E2a',
  '15.2(6)E2b',
  '15.2(6)E3',
  '15.2(6)EB',
  '15.2(7)E',
  '15.2(7)E0a',
  '15.2(7)E0b',
  '15.2(7)E0s',
  '15.2(7)E1',
  '15.2(7)E1a',
  '15.2(7)E2',
  '15.2(7)E2a',
  '15.2(7)E2b',
  '15.2(7)E3',
  '15.2(7)E3k',
  '15.2(7)E4',
  '15.2(7)E5',
  '15.2(7)E6',
  '15.2(7)E7',
  '15.2(7)E8',
  '15.2(7)E9',
  '15.2(7)E10',
  '15.2(7a)E0b',
  '15.2(7b)E0b',
  '15.2(8)E',
  '15.2(8)E1',
  '15.2(8)E2',
  '15.2(8)E3',
  '15.2(8)E4',
  '15.2(8)E5',
  '15.3(0)SY',
  '15.3(1)SY',
  '15.3(1)SY1',
  '15.3(1)SY2',
  '15.4(1)SY',
  '15.4(1)SY1',
  '15.4(1)SY2',
  '15.4(1)SY3',
  '15.4(1)SY4',
  '15.4(3)M6',
  '15.4(3)M6a',
  '15.4(3)M7',
  '15.4(3)M7a',
  '15.4(3)M8',
  '15.4(3)M9',
  '15.4(3)M10',
  '15.5(1)SY',
  '15.5(1)SY1',
  '15.5(1)SY2',
  '15.5(1)SY3',
  '15.5(1)SY4',
  '15.5(1)SY5',
  '15.5(1)SY6',
  '15.5(1)SY7',
  '15.5(1)SY8',
  '15.5(1)SY9',
  '15.5(1)SY10',
  '15.5(1)SY11',
  '15.5(1)SY12',
  '15.5(1)SY13',
  '15.5(3)M4',
  '15.5(3)M4a',
  '15.5(3)M4b',
  '15.5(3)M4c',
  '15.5(3)M5',
  '15.5(3)M6',
  '15.5(3)M6a',
  '15.5(3)M7',
  '15.5(3)M8',
  '15.5(3)M9',
  '15.5(3)M10',
  '15.5(3)M11',
  '15.5(3)M11a',
  '15.5(3)M11b',
  '15.6(2)T',
  '15.6(2)T0a',
  '15.6(2)T1',
  '15.6(2)T2',
  '15.6(2)T3',
  '15.6(3)M',
  '15.6(3)M0a',
  '15.6(3)M1',
  '15.6(3)M1a',
  '15.6(3)M1b',
  '15.6(3)M2',
  '15.6(3)M2a',
  '15.6(3)M3',
  '15.6(3)M3a',
  '15.6(3)M4',
  '15.6(3)M5',
  '15.6(3)M6',
  '15.6(3)M6a',
  '15.6(3)M6b',
  '15.6(3)M7',
  '15.6(3)M8',
  '15.6(3)M9',
  '15.7(3)M',
  '15.7(3)M0a',
  '15.7(3)M1',
  '15.7(3)M2',
  '15.7(3)M3',
  '15.7(3)M4',
  '15.7(3)M4a',
  '15.7(3)M4b',
  '15.7(3)M5',
  '15.7(3)M6',
  '15.7(3)M7',
  '15.7(3)M8',
  '15.7(3)M9',
  '15.7(3)M10',
  '15.7(3)M10a',
  '15.7(3)M10b',
  '15.8(3)M',
  '15.8(3)M0a',
  '15.8(3)M0b',
  '15.8(3)M1',
  '15.8(3)M1a',
  '15.8(3)M2',
  '15.8(3)M2a',
  '15.8(3)M3',
  '15.8(3)M3a',
  '15.8(3)M3b',
  '15.8(3)M4',
  '15.8(3)M5',
  '15.8(3)M6',
  '15.8(3)M7',
  '15.8(3)M8',
  '15.8(3)M9',
  '15.9(3)M',
  '15.9(3)M0a',
  '15.9(3)M1',
  '15.9(3)M2',
  '15.9(3)M2a',
  '15.9(3)M3',
  '15.9(3)M3a',
  '15.9(3)M3b',
  '15.9(3)M4',
  '15.9(3)M4a',
  '15.9(3)M5',
  '15.9(3)M6',
  '15.9(3)M6a',
  '15.9(3)M6b',
  '15.9(3)M7',
  '15.9(3)M7a',
  '15.9(3)M8',
  '15.9(3)M8a',
  '15.9(3)M8b',
  '15.9(3)M9',
  '15.9(3)M9a'
);

# Due to the nature and the back and forth of confirming the workaround
# This plugin has been determined to be best served with the Paranoid setting.

var reporting = make_array(
  'port'    , product_info['port'],
  'severity', SECURITY_WARNING,
  'version' , product_info['version'],
  'bug_id'  , 'CSCwe24431'
);

cisco::check_and_report(
  product_info:product_info,
  reporting:reporting,
  vuln_versions:version_list
);

VendorProductVersionCPE
ciscoioscpe:/o:cisco:ios

Vendor	Product	Version	CPE
cisco	ios		cpe:/o:cisco:ios

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20373

www.nessus.org/u?d2d0fc83

bst.cloudapps.cisco.com/bugsearch/bug/CSCwe24431