Lucene search
This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.CISCO_ASA_CSCUG83080.NASLHistoryJul 30, 2013 - 12:00 a.m.
Cisco ASA WebVPN XSS
2013-07-3000:00:00
This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
39
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.002
Percentile
57.7%
According to its self-reported version, the remote Cisco ASA is missing a security patch and is affected by a cross-site scripting vulnerability in the WebVPN portal login page. An attacker could exploit this by tricking a user into requesting a specially crafted URL, resulting in arbitrary script code execution.
#TRUSTED 0e1c50147d9c42e212471601d8cdf640425412db8a22128541e5cba60aaf0e9146360934b7bc1997c3a3764e6500f1765cd0ad0e3668d7f27ea8c28754cc4cda61ea96ddff1d4d083c332f693400e2884d40614cead5964a8064934e6b53396088cbff4b52e0cc8abf484f2932c0526941f9eb692ac0925b24fb10490a0e616ffa32a6b2ade10d5a2ef15edf407022b67f72e9c84081bb2c7f6fe5213ac0ea7ff7855a40749879c9f2896447872c6cdfbae9a6cafa816161bc60ba221d2974330f5a9d190881cc0badc9cec64c76f9695ce78f1f0e0fa08b037617234cf216f5f1a430ec9c16ac5e93641f7844a169e807162a19d752192921cfad748ae3756929bc413aab249b4c1519b93f402eacc44814e1ced91a02c9e80dbebe1c455607d1c1cf189f698dba11bdad660cc97cd8b686984ca7a7b623eace33b9c2e0f2b3e2dda8c5fa0ecb8b176e8253de208aa86bd4f4bc00faded631729b7f4a546c9ca99b70ddfb7a364cb040af199047dcfd0933265355815647ab6723fbef067aa6f2b1ccf906de05b8d60eb571b1ad58bebd63a7ff533c6fe3893b15a4007502f6ae447d0cbc4facf88f5440132c741e01b9ea24f3176f8c83ac2cd59497e7cdd24b1257b1da8a183cd6baa7692d043a35201fb349748a622d71d2c8a5b48c9db7bb381af37213e1cf4f503d46920994528a06b1188bcfbb922ee441f84ce36080
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(69138);
script_version("1.12");
script_cvs_date("Date: 2019/11/27");
script_cve_id("CVE-2013-3414");
script_bugtraq_id(61451);
script_xref(name:"CISCO-BUG-ID", value:"CSCug83080");
script_name(english:"Cisco ASA WebVPN XSS");
script_summary(english:"Checks ASA version");
script_set_attribute(attribute:"synopsis", value:
"The remote security device is missing a vendor-supplied security
patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the remote Cisco ASA is missing
a security patch and is affected by a cross-site scripting vulnerability
in the WebVPN portal login page. An attacker could exploit this by
tricking a user into requesting a specially crafted URL, resulting in
arbitrary script code execution.");
# https://tools.cisco.com/security/center/viewAlert.x?alertId=30214
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bc0e96e5");
script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/security/center/viewAlert.x?alertId=30214");
script_set_attribute(attribute:"solution", value:
"According to the Cisco Security Notice for CVE-2013-3414, fixes can be
obtained by contacting normal support channels.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/25");
script_set_attribute(attribute:"patch_publication_date", value:"2013/07/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/30");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:adaptive_security_appliance_software");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/Cisco/ASA");
exit(0);
}
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");
include("audit.inc");
asa = get_kb_item_or_exit('Host/Cisco/ASA');
ver = extract_asa_version(asa);
if (isnull(ver))
audit(AUDIT_FN_FAIL, 'extract_asa_version');
else if (ver == '7.0(1)')
vuln = TRUE;
else if (ver == '7.0(1)4')
vuln = TRUE;
else if (ver == '7.0(2)')
vuln = TRUE;
else if (ver == '7.0(3)')
vuln = TRUE;
else if (ver == '7.0(4)')
vuln = TRUE;
else if (ver == '7.0(4)2')
vuln = TRUE;
else if (ver == '7.0(5)')
vuln = TRUE;
else if (ver == '7.0(5)12')
vuln = TRUE;
else if (ver == '7.0(6)')
vuln = TRUE;
else if (ver == '7.0(6)18')
vuln = TRUE;
else if (ver == '7.0(6)22')
vuln = TRUE;
else if (ver == '7.0(6)26')
vuln = TRUE;
else if (ver == '7.0(6)29')
vuln = TRUE;
else if (ver == '7.0(6)32')
vuln = TRUE;
else if (ver == '7.0(6)4')
vuln = TRUE;
else if (ver == '7.0(6)8')
vuln = TRUE;
else if (ver == '7.0(7)')
vuln = TRUE;
else if (ver == '7.0(7)1')
vuln = TRUE;
else if (ver == '7.0(7)12')
vuln = TRUE;
else if (ver == '7.0(7)4')
vuln = TRUE;
else if (ver == '7.0(7)9')
vuln = TRUE;
else if (ver == '7.0(8)')
vuln = TRUE;
else if (ver == '7.0(8)12')
vuln = TRUE;
else if (ver == '7.0(8)13')
vuln = TRUE;
else if (ver == '7.0(8)2')
vuln = TRUE;
else if (ver == '7.0(8)8')
vuln = TRUE;
else if (ver == '7.1(2)')
vuln = TRUE;
else if (ver == '7.1(2)16')
vuln = TRUE;
else if (ver == '7.1(2)20')
vuln = TRUE;
else if (ver == '7.1(2)24')
vuln = TRUE;
else if (ver == '7.1(2)28')
vuln = TRUE;
else if (ver == '7.1(2)38')
vuln = TRUE;
else if (ver == '7.1(2)42')
vuln = TRUE;
else if (ver == '7.1(2)46')
vuln = TRUE;
else if (ver == '7.1(2)49')
vuln = TRUE;
else if (ver == '7.1(2)53')
vuln = TRUE;
else if (ver == '7.1(2)61')
vuln = TRUE;
else if (ver == '7.1(2)64')
vuln = TRUE;
else if (ver == '7.1(2)72')
vuln = TRUE;
else if (ver == '7.1(2)81 ')
vuln = TRUE;
else if (ver == '7.2(1)')
vuln = TRUE;
else if (ver == '7.2(1)13')
vuln = TRUE;
else if (ver == '7.2(1)19')
vuln = TRUE;
else if (ver == '7.2(1)24')
vuln = TRUE;
else if (ver == '7.2(1)9')
vuln = TRUE;
else if (ver == '7.2(2)')
vuln = TRUE;
else if (ver == '7.2(2)10')
vuln = TRUE;
else if (ver == '7.2(2)14')
vuln = TRUE;
else if (ver == '7.2(2)18')
vuln = TRUE;
else if (ver == '7.2(2)19')
vuln = TRUE;
else if (ver == '7.2(2)22')
vuln = TRUE;
else if (ver == '7.2(2)34')
vuln = TRUE;
else if (ver == '7.2(2)6')
vuln = TRUE;
else if (ver == '7.2(3)')
vuln = TRUE;
else if (ver == '7.2(3)1')
vuln = TRUE;
else if (ver == '7.2(3)12')
vuln = TRUE;
else if (ver == '7.2(3)16')
vuln = TRUE;
else if (ver == '7.2(4)')
vuln = TRUE;
else if (ver == '7.2(4)18')
vuln = TRUE;
else if (ver == '7.2(4)25')
vuln = TRUE;
else if (ver == '7.2(4)27')
vuln = TRUE;
else if (ver == '7.2(4)30')
vuln = TRUE;
else if (ver == '7.2(4)33')
vuln = TRUE;
else if (ver == '7.2(4)6')
vuln = TRUE;
else if (ver == '7.2(4)9')
vuln = TRUE;
else if (ver == '7.2(5)')
vuln = TRUE;
else if (ver == '7.2(5)10')
vuln = TRUE;
else if (ver == '7.2(5)2')
vuln = TRUE;
else if (ver == '7.2(5)4')
vuln = TRUE;
else if (ver == '7.2(5)7')
vuln = TRUE;
else if (ver == '7.2(5)8 ')
vuln = TRUE;
else if (ver == '8.0(1)2')
vuln = TRUE;
else if (ver == '8.0(2)')
vuln = TRUE;
else if (ver == '8.0(2)11')
vuln = TRUE;
else if (ver == '8.0(2)15')
vuln = TRUE;
else if (ver == '8.0(3)')
vuln = TRUE;
else if (ver == '8.0(3)12')
vuln = TRUE;
else if (ver == '8.0(3)19')
vuln = TRUE;
else if (ver == '8.0(3)6')
vuln = TRUE;
else if (ver == '8.0(4)')
vuln = TRUE;
else if (ver == '8.0(4)16')
vuln = TRUE;
else if (ver == '8.0(4)23')
vuln = TRUE;
else if (ver == '8.0(4)25')
vuln = TRUE;
else if (ver == '8.0(4)28')
vuln = TRUE;
else if (ver == '8.0(4)3')
vuln = TRUE;
else if (ver == '8.0(4)31')
vuln = TRUE;
else if (ver == '8.0(4)32')
vuln = TRUE;
else if (ver == '8.0(4)33')
vuln = TRUE;
else if (ver == '8.0(4)9')
vuln = TRUE;
else if (ver == '8.0(5)')
vuln = TRUE;
else if (ver == '8.0(5)20')
vuln = TRUE;
else if (ver == '8.0(5)23')
vuln = TRUE;
else if (ver == '8.0(5)25')
vuln = TRUE;
else if (ver == '8.0(5)27')
vuln = TRUE;
else if (ver == '8.0(5)28')
vuln = TRUE;
else if (ver == '8.0(5)31 ')
vuln = TRUE;
else if (ver == '8.1(1)')
vuln = TRUE;
else if (ver == '8.1(1)6')
vuln = TRUE;
else if (ver == '8.1(2)')
vuln = TRUE;
else if (ver == '8.1(2)13')
vuln = TRUE;
else if (ver == '8.1(2)15')
vuln = TRUE;
else if (ver == '8.1(2)16')
vuln = TRUE;
else if (ver == '8.1(2)19')
vuln = TRUE;
else if (ver == '8.1(2)23')
vuln = TRUE;
else if (ver == '8.1(2)24')
vuln = TRUE;
else if (ver == '8.1(2)49')
vuln = TRUE;
else if (ver == '8.1(2)50')
vuln = TRUE;
else if (ver == '8.1(2)55')
vuln = TRUE;
else if (ver == '8.1(2)56')
vuln = TRUE;
else if (ver == '8.2(0)45')
vuln = TRUE;
else if (ver == '8.2(1)')
vuln = TRUE;
else if (ver == '8.2(1)11')
vuln = TRUE;
else if (ver == '8.2(2)')
vuln = TRUE;
else if (ver == '8.2(2)10')
vuln = TRUE;
else if (ver == '8.2(2)12')
vuln = TRUE;
else if (ver == '8.2(2)16')
vuln = TRUE;
else if (ver == '8.2(2)17')
vuln = TRUE;
else if (ver == '8.2(2)9')
vuln = TRUE;
else if (ver == '8.2(3)')
vuln = TRUE;
else if (ver == '8.2(4)')
vuln = TRUE;
else if (ver == '8.2(4)1')
vuln = TRUE;
else if (ver == '8.2(4)4')
vuln = TRUE;
else if (ver == '8.2(5)')
vuln = TRUE;
else if (ver == '8.2(5)13')
vuln = TRUE;
else if (ver == '8.2(5)22')
vuln = TRUE;
else if (ver == '8.2(5)26')
vuln = TRUE;
else if (ver == '8.2(5)33')
vuln = TRUE;
else if (ver == '8.2(5)40')
vuln = TRUE;
else if (ver == '8.2(5)41 ')
vuln = TRUE;
else if (ver == '8.3(1)')
vuln = TRUE;
else if (ver == '8.3(1)4')
vuln = TRUE;
else if (ver == '8.3(1)6')
vuln = TRUE;
else if (ver == '8.3(2)')
vuln = TRUE;
else if (ver == '8.3(2)13')
vuln = TRUE;
else if (ver == '8.3(2)23')
vuln = TRUE;
else if (ver == '8.3(2)25')
vuln = TRUE;
else if (ver == '8.3(2)31')
vuln = TRUE;
else if (ver == '8.3(2)33')
vuln = TRUE;
else if (ver == '8.3(2)34')
vuln = TRUE;
else if (ver == '8.3(2)37')
vuln = TRUE;
else if (ver == '8.3(2)4')
vuln = TRUE;
else if (ver == '8.4(1)')
vuln = TRUE;
else if (ver == '8.4(1)11')
vuln = TRUE;
else if (ver == '8.4(1)3')
vuln = TRUE;
else if (ver == '8.4(2)')
vuln = TRUE;
else if (ver == '8.4(2)1')
vuln = TRUE;
else if (ver == '8.4(2)8')
vuln = TRUE;
else if (ver == '8.4(3)')
vuln = TRUE;
else if (ver == '8.4(3)8')
vuln = TRUE;
else if (ver == '8.4(3)9')
vuln = TRUE;
else if (ver == '8.4(4)')
vuln = TRUE;
else if (ver == '8.4(4)1')
vuln = TRUE;
else if (ver == '8.4(4)3')
vuln = TRUE;
else if (ver == '8.4(4)5')
vuln = TRUE;
else if (ver == '8.4(4)9')
vuln = TRUE;
else if (ver == '8.4(5)')
vuln = TRUE;
else if (ver == '8.4(5)6')
vuln = TRUE;
else if (ver == '8.4(6)')
vuln = TRUE;
else if (ver == '8.5(1)')
vuln = TRUE;
else if (ver == '8.5(1)1')
vuln = TRUE;
else if (ver == '8.5(1)14')
vuln = TRUE;
else if (ver == '8.5(1)17')
vuln = TRUE;
else if (ver == '8.5(1)6')
vuln = TRUE;
else if (ver == '8.5(1)7')
vuln = TRUE;
else if (ver == '8.6(1)')
vuln = TRUE;
else if (ver == '8.6(1)1')
vuln = TRUE;
else if (ver == '8.6(1)10')
vuln = TRUE;
else if (ver == '8.6(1)2')
vuln = TRUE;
else if (ver == '8.6(1)5')
vuln = TRUE;
else if (ver == '8.7(1)')
vuln = TRUE;
else if (ver == '8.7(1)1')
vuln = TRUE;
else if (ver == '8.7(1)3')
vuln = TRUE;
else if (ver == '8.7(1)4 ')
vuln = TRUE;
else if (ver == '9.0(1)')
vuln = TRUE;
else if (ver == '9.0(2)')
vuln = TRUE;
else if (ver == '9.1(1)')
vuln = TRUE;
else if (ver == '9.1(1)4')
vuln = TRUE;
else if (ver == '9.1(2)')
vuln = TRUE;
else
vuln = FALSE;
override = FALSE;
if (get_kb_item("Host/local_checks_enabled") && vuln)
{
vuln = FALSE;
# Check that webvpn is enabled on at least one interface
buf = cisco_command_kb_item("Host/Cisco/Config/show running-config webvpn", "show running-config webvpn");
if (check_cisco_result(buf))
{
if (preg(multiline:TRUE, pattern:".*enable outside", string:buf))
{
# Check that the ssl-clientless option is configured
buf2 = cisco_command_kb_item("Host/Cisco/Config/show running-config group-policy | include vpn-tunnel-protocol", "show running-config group-policy | include vpn-tunnel-protocol");
if (check_cisco_result(buf2))
{
if (preg(multiline:TRUE, pattern:"vpn-tunnel-protocol.*ssl-clientless", string:buf2))
vuln = TRUE;
}
}
}
else if (cisco_needs_enable(buf)) override = TRUE;
if (!vuln && !override) audit(AUDIT_HOST_NOT, "affected because the Clientless SSL VPN portal is not enabled");
}
if (vuln || override)
{
security_report_cisco(
port : 0,
severity : SECURITY_WARNING,
override : override,
version : ver,
cmds : make_list("show running-config webvpn", "show running-config group-policy | include vpn-tunnel-protocol"),
xss : TRUE
);
}
else audit(AUDIT_INST_VER_NOT_VULN, "Cisco ASA software", ver);
Related
cisco
cisco
Cisco ASA Software Cross-Site Scripting Vulnerability
2013-07-25 13:23:54
cvelist
cvelist
CVE-2013-3414
2013-07-25 15:00:00
cve
cve
CVE-2013-3414
2013-07-25 15:53:16
prion
prion
Cross site scripting
2013-07-25 15:53:00
nvd
nvd
CVE-2013-3414
2013-07-25 15:53:16
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.002
Percentile
57.7%
Related for CISCO_ASA_CSCUG83080.NASL