Cisco IOS XE Software SNMP Extended Named Access Control List Bypass (cisco-sa-snmp-uwBXfqww)

#TRUSTED 46c33484132d42814feec2b13332fe3eb637ab2e6192a728bd64c848f03f7c779d0ab6fc6d5f1482a34ca07cced9bb21ed1b45fb421a11a2e020de830d44019ddff20a5822f6c46fe1876abb8e3e99de46441d3f7540b7021bca38bfc4d9261aa1f33f5f81b3de7d41f5288dddf382de56a4ae4753496606727fcad016a2ac8041cf524431cae3e9d572515f6a834705deab932a3b19222b6c2d625af84e488f51f1d9337a13289dcbf149ec823d965d30e292497db3c11d833c72d3007ad1d0d11a78e7fceb5c143c128bb3de2c87ecb6c6a6526c5032bf5df8ae67db613eefd0345fd958766e34808a40902c396b386e4684faf831f3cae99438f27e2ea0a57850eb0f6bf0a9577c8df0f79c854a3d8657867ef785cf034fdb79b83daf478a002c60c67857ba0ee6721fdb7a9e41358290a476b893d1d6abfa36ed1b9a1b063aefaabde1b3d17770536ac46a96edbcdb5f614ee53ecaba188e42756aa75c7b5a8e640f098c055b2674ab735fb6ed0c46c868a548468a186448d92fe0a3387d54ed290549430351e2bb1cf52ecb2f6d15015de1463596e753a6b64ab24780ef0dd9a71cc4229884903e859df730c1a605266cc106745ada7f70b64be655ab2dedc74bce019eb41dc8b2a8a6db712e5a7963df40860c169b7f8f720fa081cfccac39e527cc99bf596f632cac7d701792263af77be48964bc2d8d8fb445e34142
#TRUST-RSA-SHA256 a98640d810a0d418dbb07769be7b60e87a169d6101b67d1c88d9e7ba6fdb3b91bd5f120525e6d4d7a755e82771ebbb1bed98c0b8750c0ed3686cf6161534276919a3d54dde4aa5d62a4e0a8ed0d8599c1eeaae83596f689070d75eb131067d1bd90219fc638efc1256b3cf33f1278fd0f2d8aba3b1e37e78be0d0e862f5360ba653fe7d88ea91d6439668436b6c7545dc5d126f6b4734fd31817d426c6212aa1d4ebdd604e9fafa497cf64147579f1400b1ee4dcc47a1ca68fff4ad3e89c27b18d6a7bfc4f33405ccc1c8930f9e2b5c3c3b69a0cb191736ec97a7d9e98c0b918e80171ce1eea49a53966e1216a7d81848905a5d77338313e5a9d11cf27e3cabff6a17cee35fbaeabfbc65860a1cdb07454279c351b8cbc6b8301f0c2fdd4c7a53f526372aee8e69e6429e798492f7658fe1da0f8ad6c69c42f5fd79fac3bc9835dfd49fc997dd5c6823e02b8468a8ff5c4185154e30e066ddfc246a79755483ebbea608ebbac7e19d9c9afbb10c254170583dfda1306627722d8ad06b79568c44ec64684c7d90d40401413fecbfb2ef3f9f7338018fb449993b8c75265859e87db98cb92901b3d1d33c56ad161c7896b435c6d8bf6cc899d4e1ae3124c3b5c63e1cead4c543f336c1e1200bc41f38da5b9acc3ac14043a81bc7e557b2eb818ffd1d98ea3bfd74d2b4fc7b4473ec740a983badcd7098d769d9d4cf365324b3031
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(193584);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/19");

  script_cve_id("CVE-2024-20373");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwe24431");
  script_xref(name:"CISCO-SA", value:"cisco-sa-snmp-uwBXfqww");
  script_xref(name:"IAVA", value:"2024-A-0251");

  script_name(english:"Cisco IOS XE Software SNMP Extended Named Access Control List Bypass (cisco-sa-snmp-uwBXfqww)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d2d0fc83");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe24431");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwe24431");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-20373");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(284);

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/19");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_xe_version.nasl");
  script_require_keys("Host/Cisco/IOS-XE/Version", "Settings/ParanoidReport");

  exit(0);
}

include('cisco_workarounds.inc');
include('ccf.inc');

if (report_paranoia < 2) audit(AUDIT_PARANOID);

var product_info = cisco::get_product_info(name:'Cisco IOS XE Software');

var version_list=make_list(
  '3.8.2E',
  '3.8.3E',
  '3.8.4E',
  '3.8.5E',
  '3.8.5aE',
  '3.8.6E',
  '3.8.7E',
  '3.8.8E',
  '3.8.9E',
  '3.8.10E',
  '3.8.10cE',
  '3.8.10dE',
  '3.8.10eE',
  '3.9.0E',
  '3.9.1E',
  '3.9.2E',
  '3.9.2bE',
  '3.10.0E',
  '3.10.0cE',
  '3.10.1E',
  '3.10.1aE',
  '3.10.1sE',
  '3.10.2E',
  '3.10.3E',
  '3.11.0E',
  '3.11.1E',
  '3.11.1aE',
  '3.11.2E',
  '3.11.2aE',
  '3.11.3E',
  '3.11.3aE',
  '3.11.4E',
  '3.11.5E',
  '3.11.6E',
  '3.11.7E',
  '3.11.8E',
  '3.11.9E',
  '3.11.10E',
  '16.6.6',
  '16.6.7',
  '16.6.7a',
  '16.6.8',
  '16.6.9',
  '16.6.10',
  '16.9.3',
  '16.9.3a',
  '16.9.3h',
  '16.9.3s',
  '16.9.4',
  '16.9.4c',
  '16.9.5',
  '16.9.5f',
  '16.9.6',
  '16.9.7',
  '16.9.8',
  '16.9.8a',
  '16.9.8b',
  '16.10.1',
  '16.10.2',
  '16.10.3',
  '16.10.3a',
  '16.10.3b',
  '16.10.4',
  '16.10.5',
  '16.10.6',
  '16.11.1',
  '16.11.1a',
  '16.11.1b',
  '16.11.1c',
  '16.11.1d',
  '16.11.1f',
  '16.11.1s',
  '16.11.2',
  '16.12.1',
  '16.12.1a',
  '16.12.1c',
  '16.12.1s',
  '16.12.1t',
  '16.12.1w',
  '16.12.1x',
  '16.12.1y',
  '16.12.1z',
  '16.12.1z1',
  '16.12.1z2',
  '16.12.2',
  '16.12.2a',
  '16.12.2s',
  '16.12.2t',
  '16.12.3',
  '16.12.3a',
  '16.12.3s',
  '16.12.4',
  '16.12.4a',
  '16.12.5',
  '16.12.5a',
  '16.12.5b',
  '16.12.6',
  '16.12.6a',
  '16.12.7',
  '16.12.8',
  '16.12.9',
  '16.12.10',
  '16.12.10a',
  '16.12.11',
  '17.1.1',
  '17.1.1a',
  '17.1.1s',
  '17.1.1t',
  '17.1.2',
  '17.1.3',
  '17.2.1',
  '17.2.1a',
  '17.2.1r',
  '17.2.1v',
  '17.2.2',
  '17.2.3',
  '17.3.1',
  '17.3.1a',
  '17.3.1w',
  '17.3.1x',
  '17.3.1z',
  '17.3.2',
  '17.3.2a',
  '17.3.3',
  '17.3.3a',
  '17.3.4',
  '17.3.4a',
  '17.3.4b',
  '17.3.4c',
  '17.3.5',
  '17.3.5a',
  '17.3.5b',
  '17.3.6',
  '17.3.7',
  '17.3.8',
  '17.3.8a',
  '17.4.1',
  '17.4.1a',
  '17.4.1b',
  '17.4.1c',
  '17.4.2',
  '17.4.2a',
  '17.5.1',
  '17.5.1a',
  '17.5.1b',
  '17.5.1c',
  '17.6.1',
  '17.6.1a',
  '17.6.1w',
  '17.6.1x',
  '17.6.1y',
  '17.6.1z',
  '17.6.1z1',
  '17.6.2',
  '17.6.3',
  '17.6.3a',
  '17.6.4',
  '17.6.5',
  '17.6.5a',
  '17.7.1',
  '17.7.1a',
  '17.7.1b',
  '17.7.2',
  '17.8.1',
  '17.8.1a',
  '17.9.1',
  '17.9.1a',
  '17.9.1w',
  '17.9.1x',
  '17.9.1x1',
  '17.9.1y',
  '17.9.1y1',
  '17.9.2',
  '17.9.2a',
  '17.9.3',
  '17.9.3a',
  '17.10.1',
  '17.10.1a',
  '17.10.1b',
  '17.11.99SW'
);

# Due to the nature and the back and forth of confirming the workaround
# This plugin has been determined to be best served with the Paranoid setting.

var reporting = make_array(
  'port'    , product_info['port'],
  'severity', SECURITY_WARNING,
  'version' , product_info['version'],
  'bug_id'  , 'CSCwe24431'
);

cisco::check_and_report(
  product_info:product_info,
  reporting:reporting,
  vuln_versions:version_list
);