Vulnerabilities > CVE-2019-12660 - Exposure of Resource to Wrong Sphere vulnerability in Cisco IOS XE

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
local
low complexity
cisco
CWE-668
nessus
NVD
Published: 2019-09-25
Updated: 2020-10-08

Summary

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to modify the configuration of the device to cause it to be non-secure and abnormally functioning.

Vulnerable Configurations

Part Description Count
OS
Cisco
259

Common Weakness Enumeration (CWE)

Nessus

NASL familyCISCO
NASL idCISCO-SA-20190925-AWR.NASL
descriptionAccording to its self-reported version, Cisco IOS XE Software is affected by a vulnerability. The vulnerability allows an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to modify the configuration of the device to cause it to be non-secure and abnormally functioning. Please see the included Cisco BIDs and Cisco Security Advisory for more information
last seen2020-05-09
modified2019-10-03
plugin id129536
published2019-10-03
reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/129536
titleCisco IOS XE Software ASIC Register Write Vulnerability
code
#TRUSTED 9690f9115087dbfbc9449cd95e6639acd9b3c12b379c3693f63c724398770ca0fa64bfe1ef129df6ff5ab36978e55825e5820a79f58c896a6d9950f88fafd339ab2ea490aebfbb90f53967a4c6e834291023f06a7022495135bf6fd3e121dbb5b6f241c5acc9099a9010ab7c1478208cef46a381f37c250dbf3f815d2d83c31dfa394aa345c7efafe90b66fb6ae3b7edf93c7f8bf6a15bb57d8d4ac1a1d9e8a89f2a2b46ddb33da79112574b1c565137262a469539a039b2aebe7c76870443cb1e05228d6542e1fd5f905ddda19a4ffd8eec37c26c94081c0efa14786791be6923a7be1cc3685e5fe791661623ccab4d20d8fbbe9a98ef2ccdf7cecd832d33b98e24098faf5a7897d23496c96e358199665ca7c636e879a33dde75a5e7c5cffb289dbc18f87c660940b2747691b271fae32f9e50561a48e70fe1f4a909262511a942c80aed98dd7a3a91b67dc9350c1a8f8d4690d51a2c38a84f0956c8f611eb89da9d5382996aa1f3df62bd078e344d4c05d3341720198a9c256fe641a23eeeceb9d812ea9cf96822b633a1a24cf0032824cd94af0c1f98c8530d867a133972200ccfe70e072103d80ea420062c93eefcfef7d619a94c911da0d4ded8a20167f2d4c5a47bf5c406126bc4a519ec985d21b00e0c378f123fb63dc8d3ec372dbecf5a3d3266ae04395f182fc5e63057f331965565f9ad5fb27a5994000992d44e
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(129536);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/08");

  script_cve_id("CVE-2019-12660");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvj14070");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20190925-awr");
  script_xref(name:"IAVA", value:"2019-A-0352-S");

  script_name(english:"Cisco IOS XE Software ASIC Register Write Vulnerability");
  script_summary(english:"Checks the version of Cisco IOS XE Software");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability. The vulnerability
allows an authenticated, local attacker to write values to the underlying memory of an affected device. The
vulnerability is due to improper input validation and authorization of specific commands that a user can execute
within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a
specific set of commands. A successful exploit could allow the attacker to modify the configuration of the device to
cause it to be non-secure and abnormally functioning. 

Please see the included Cisco BIDs and Cisco Security Advisory for more information");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-awr
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9c9e2875");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj14070");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvj14070");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12660");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(668);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_xe_version.nasl");
  script_require_keys("Host/Cisco/IOS-XE/Version");

  exit(0);
}

include('audit.inc');
include('cisco_workarounds.inc');
include('ccf.inc');

product_info = cisco::get_product_info(name:'Cisco IOS XE Software');

version_list=make_list(
  '3.2.11aSG',
  '3.2.0JA',
  '16.9.3s',
  '16.8.1s',
  '16.8.1e',
  '16.8.1d',
  '16.8.1c',
  '16.8.1b',
  '16.8.1a',
  '16.8.1',
  '16.7.4',
  '16.7.3',
  '16.7.2',
  '16.7.1b',
  '16.7.1a',
  '16.7.1',
  '16.6.3',
  '16.6.2',
  '16.6.1',
  '16.5.3',
  '16.5.2',
  '16.5.1b',
  '16.5.1a',
  '16.5.1',
  '16.4.3',
  '16.4.2',
  '16.4.1',
  '16.3.6',
  '16.3.5b',
  '16.3.5',
  '16.3.4',
  '16.3.3',
  '16.3.2',
  '16.3.1a',
  '16.3.1',
  '16.2.2',
  '16.2.1',
  '16.1.3',
  '16.1.2',
  '16.1.1'
);

workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);
workaround_params = make_list();

reporting = make_array(
'port'     , 0,
'severity' , SECURITY_WARNING,
'version'  , product_info['version'],
'bug_id'   , 'CSCvj14070'
);

cisco::check_and_report(
  product_info:product_info,
  workarounds:workarounds,
  workaround_params:workaround_params,
  reporting:reporting,
  vuln_versions:version_list
);

References