Cisco Evolved Programmable Network Manager Multiple Vulnerabilities (cisco-sa-pi-epnm-eRPWAXLe)

medium Nessus Plugin ID 173977

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The version of Cisco Evolved Programmable Network (EPN) Manager installed on the remote host is prior to 5.0.2.5, 5.1.4.3, 6.0.2.1 or 6.1.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the cisco-sa-pi-epnm-eRPWAXLe advisory:

- A cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco EPN Manager due to insufficient validation of user-supplied input. An authenticated, remote attacker can exploit this vulnerability to inject malicious code into specific pages of the interface, allowing the attacker to execute arbitrary code in the context of the affected device or access sensitive, browser-based information. (CVE-2023-20131)

- An arbitrary file read vulnerability in the web-based management interface of EPN Manager due to insufficient validation of user input. A remote, authenticated attacker can exploit this vulnerability to access sensitive files in the underlying operating system of the affected device. (CVE-2023-20129)

- A cross-site request forgery (CSRF) vulnerability in the web-based management interface of Cisco EPN Manager due to insufficient CSRF protections. An attacker could exploit this vulnerability by persuading a user of the interface to follow a specially crafted link, resulting in the attacker being able to perform arbitrary actions on the affected system with the privileges of the target user. (CVE-2023-20130)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwc25461, CSCwc51948, CSCwc76734, CSCwd28312, and CSCwd69561.

See Also

http://www.nessus.org/u?838ad81a

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc25461

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc51948

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc76734

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd28312

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd69561

Plugin Details

Severity: Medium

ID: 173977

File Name: cisco-sa-pi-epnm-eRPWAXLe-epnm.nasl

Version: 1.5

Type: remote

Family: CISCO

Published: 4/6/2023

Updated: 8/24/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N

CVSS Score Source: CVE-2023-20130

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:evolved_programmable_network_manager

Required KB Items: installed_sw/Cisco EPN Manager

Exploit Ease: No known exploits are available

Patch Publication Date: 4/5/2023

Vulnerability Publication Date: 4/5/2023

Reference Information

CVE: CVE-2023-20129, CVE-2023-20130, CVE-2023-20131

CISCO-SA: cisco-sa-pi-epnm-eRPWAXLe

IAVA: 2023-A-0219-S

CISCO-BUG-ID: CSCwc25461, CSCwc51948, CSCwc76734, CSCwd28312, CSCwd69561