Cisco IOS Software Command Authorization Bypass (cisco-sa-aaascp-Tyj4fEJm)

critical Nessus Plugin ID 192250

Synopsis

The remote device is missing a vendor-supplied security patch

Description

According to its self-reported version, Cisco IOS is affected by a vulnerability.

- A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP). This vulnerability is due to incorrect processing of SCP commands in AAA command authorization checks. An attacker with valid credentials and level 15 privileges could exploit this vulnerability by using SCP to connect to an affected device from an external machine. A successful exploit could allow the attacker to obtain or change the configuration of the affected device and put files on or retrieve files from the affected device. (CVE-2023-20186)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwe55871

See Also

http://www.nessus.org/u?6736c09f

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe55871

Plugin Details

Severity: Critical

ID: 192250

File Name: cisco-sa-aaascp-Tyj4fEJm-ios.nasl

Version: 1.2

Type: combined

Family: CISCO

Published: 3/19/2024

Updated: 3/26/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C

CVSS Score Source: CVE-2023-20186

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 9/27/2023

Vulnerability Publication Date: 9/27/2023

Reference Information

CVE: CVE-2023-20186

CISCO-SA: cisco-sa-aaascp-Tyj4fEJm

IAVA: 2023-A-0510-S

CISCO-BUG-ID: CSCwe55871