code | #TRUSTED 97bb95b840798a8d19a5ec8ac36f0c9d40e3117a3d151a277c2af704d3b6f9c05fe6786a377941139a36ef560b35a3a0af202ed49fd80fac5798657bc7b809ccd936052bc13f9d63263ac19ed888015c3715b7094e638e4ce5aa1efe9755009ec79e1f763c94eee4a9fd3eb3cef719a54c3c0fe309cfe61647c9604363e0b6e1e212c74e64d24038c3f61c8684b598fcdd08ebb15ab3c93a711c9dfd25a17b7e0bdaf05956f0069a83765970119cd1a11d352bea3e5228fb57f5937fe2462f1b74b5bb4bf27cc71ab6566396aec489418557595bb8068cb4a6aafe37eb7ff01ad6942b23cec56dfe89c1a6db5463bcb121eedb511e0a18d5a1331b5a368cf8edb9b104920688fff485a18af20886ad492d2b16d4d047c4cb40351d450d3717bc6ed26a24fba1727dba8a10b74d36f0fd0be118798bc8931b33f4a0bf5bf88481a309d902c4e834860e1c3c0c25d74b64bcb6a19fe5efc645c6fc3e3b24767a591286375559357ad1f7970435d6cfedc8673ca85b329e491b0d6dac0fa0da391999bd9757e44d08a7e3ebfec901d02982d391e80369ac9bd8f5b88fc7f24cc48e163c69084427e23d49ca620605a1be5639b673fc4d329b6ba8dc200b1e3ef8e7c75806490b5ac1fbf6934002cbe76b4d09d779d056a2dd04a42bc28a1bad9e2ea34fc04947ee23a42471ea127a23c06be56721c366185d9e26fae669b8b31019
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(124325);
script_version("1.5");
script_cvs_date("Date: 2019/12/20");
script_cve_id("CVE-2019-1710");
script_bugtraq_id(108007);
script_xref(name:"CWE", value:"CWE-20");
script_xref(name:"CISCO-BUG-ID", value:"CSCvn56004");
script_xref(name:"CISCO-SA", value:"cisco-sa-20190417-asr9k-exr");
script_name(english:"Cisco IOS XR 64-Bit Software for Cisco ASR 9000 Series Aggregation Services Routers Network Isolation Vulnerability");
script_summary(english:"Checks the version of Cisco ASR 9000 Series Aggregation Services Routers");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco ASR 9000 Series
Aggregation Services Routers are affected by the following vulnerability :
- A vulnerability in the sysadmin virtual machine (VM) on
Cisco ASR 9000 Series Aggregation Services Routers
running Cisco IOS XR 64-bit Software could allow an
unauthenticated, remote attacker to access internal
applications running on the sysadmin VM.The
vulnerability is due to incorrect isolation of the
secondary management interface from internal sysadmin
applications. An attacker could exploit this
vulnerability by connecting to one of the listening
internal applications. A successful exploit could result
in unstable conditions, including both a denial of
service and remote unauthenticated access to the device.
(CVE-2019-1710)
A workaround exists for this vulnerability. Please see the included
Cisco BIDs and Cisco Security Advisory for more information.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-asr9k-exr
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?04bb980d");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn56004");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version or apply the workaround
referenced in advisory cisco-sa-20190417-asr9k-exr");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1710");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/17");
script_set_attribute(attribute:"patch_publication_date", value:"2019/04/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/26");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:asr_9000_series_aggregation_services_routers");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_xr_version.nasl");
script_require_keys("Host/Cisco/IOS-XR/Version", "Host/Cisco/IOS-XR/Model", "Settings/ParanoidReport");
exit(0);
}
include("global_settings.inc");
include("audit.inc");
include("cisco_workarounds.inc");
include("ccf.inc");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
product_info = cisco::get_product_info(name:'Cisco IOS XR');
if (product_info.model !~ "^9[09]\d\dv?")
audit(AUDIT_DEVICE_NOT_VULN, 'The ' + product_info.model + ' model');
vuln_ranges =
[ {'min_ver':'6', 'fix_ver':'6.5.3'},
{'min_ver':'7', 'fix_ver':'7.0.1'}
];
workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);
workaround_params = make_list();
reporting = make_array(
'port' , 0,
'severity' , SECURITY_HOLE,
'version' , product_info['version'],
'bug_id' , 'CSCvn56004'
);
cisco::check_and_report(
product_info:product_info,
workarounds:workarounds,
workaround_params:workaround_params,
reporting:reporting,
vuln_ranges:vuln_ranges
);
|