cvelistv5 - cve-2024-20323

CVE-2024-20323 (GCVE-0-2024-20323)

Vulnerability from cvelistv5

Published

2024-07-17 16:28

Modified

2024-08-01 21:59

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

CWE

CWE-321 - Use of Hard-coded Cryptographic Key

Summary

A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes and send arbitrary traffic to an affected device. This vulnerability is due to the presence of hard-coded cryptographic material. An attacker in a man-in-the-middle position between Cisco iNode Manager and associated deployed nodes could exploit this vulnerability by using the static cryptographic key to generate a trusted certificate and impersonate an affected device. A successful exploit could allow the attacker to read data that is meant for a legitimate device, modify the startup configuration of an associated node, and, consequently, cause a denial of service (DoS) condition for downstream devices that are connected to the affected node.

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-inode-static-key-VUVCeynn

Impacted products

Vendor

Product

Version

Cisco

Cisco Intelligent Node Manager

Version: N/A

Cisco

Cisco Intelligent Node Software

Version: N/A

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20323",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-22T20:07:08.038890Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-22T20:07:15.658Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:41.478Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-inode-static-key-VUVCeynn",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-inode-static-key-VUVCeynn"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Intelligent Node Manager",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "Cisco Intelligent Node Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes and send arbitrary traffic to an affected device.\r\n\r This vulnerability is due to the presence of hard-coded cryptographic material. An attacker in a man-in-the-middle position between Cisco iNode Manager and associated deployed nodes could exploit this vulnerability by using the static cryptographic key to generate a trusted certificate and impersonate an affected device. A successful exploit could allow the attacker to read data that is meant for a legitimate device, modify the startup configuration of an associated node, and, consequently, cause a denial of service (DoS) condition for downstream devices that are connected to the affected node."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "Use of Hard-coded Cryptographic Key",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-17T16:28:39.858Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-inode-static-key-VUVCeynn",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-inode-static-key-VUVCeynn"
        }
      ],
      "source": {
        "advisory": "cisco-sa-inode-static-key-VUVCeynn",
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20323",
    "datePublished": "2024-07-17T16:28:39.858Z",
    "dateReserved": "2023-11-08T15:08:07.640Z",
    "dateUpdated": "2024-08-01T21:59:41.478Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-inode-static-key-VUVCeynn\", \"name\": \"cisco-sa-inode-static-key-VUVCeynn\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T21:59:41.478Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-20323\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-22T20:07:08.038890Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-22T20:07:12.650Z\"}}], \"cna\": {\"source\": {\"advisory\": \"cisco-sa-inode-static-key-VUVCeynn\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Intelligent Node Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"N/A\"}]}, {\"vendor\": \"Cisco\", \"product\": \"Cisco Intelligent Node Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"N/A\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-inode-static-key-VUVCeynn\", \"name\": \"cisco-sa-inode-static-key-VUVCeynn\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes and send arbitrary traffic to an affected device.\\r\\n\\r This vulnerability is due to the presence of hard-coded cryptographic material. An attacker in a man-in-the-middle position between Cisco iNode Manager and associated deployed nodes could exploit this vulnerability by using the static cryptographic key to generate a trusted certificate and impersonate an affected device. A successful exploit could allow the attacker to read data that is meant for a legitimate device, modify the startup configuration of an associated node, and, consequently, cause a denial of service (DoS) condition for downstream devices that are connected to the affected node.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-321\", \"description\": \"Use of Hard-coded Cryptographic Key\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2024-07-17T16:28:39.858Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-20323\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T21:59:41.478Z\", \"dateReserved\": \"2023-11-08T15:08:07.640Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2024-07-17T16:28:39.858Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2024-AVI-0602

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

L'éditeur indique que les correctifs de sécurité pour la vulnérabilité CVE-2024-20435 affectant Secure Web Appliance seront publiés en juillet (14.5.3 MR) et août (15.0 MR) 2024. Les correctifs pour la vulnérabilité CVE-2024-20296 affectant ISE seront publiés en septembre 2024 (3.2P7) et janvier 2025 (3.1P10), la version 3.3P3 est déjà disponible.

Impacted products

Vendor	Product	Description
Cisco	Secure Web Appliance	Secure Web Appliance avec AsyncOS versions 15.0.x antérieures à 15.0 MR
Cisco	Secure Email Gateway	Secure Email Gateway avec une version de paquet de Content Scanner Tools antérieure à 23.3.0.4823
Cisco	Identity Services Engine	Identity Services Engine (ISE) versions antérieures à 3.1P10
Cisco	Secure Web Appliance	Secure Web Appliance avec AsyncOS versions 15.1.x
Cisco	Intelligent Node Software	iNode Software versions antérieures à 4.0.0
Cisco	Identity Services Engine	Identity Services Engine (ISE) versions 3.2.x antérieures à 3.2P7
Cisco	Identity Services Engine	Identity Services Engine (ISE) versions 3.3.x antérieures à 3.3P3
Cisco	Intelligent Node Software	iNode Manager Software versions antérieures à 24.1
Cisco	Smart Software Manager	Smart Software Manager (SSM) On-Prem verions 8.x antérieures à 8-202212
Cisco	Secure Web Appliance	Secure Web Appliance avec AsyncOS versions antérieures à 14.5.3 MR

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-esa-afw-bGG2UsjH	2024-07-17	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-inode-static-key-VUVCeynn	2024-07-17	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-swa-priv-esc-7uHpZsCC	2024-07-17	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ise-file-upload-krW2TxA9	2024-07-17	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-cssm-auth-sLw3uhUy	2024-07-17	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Secure Web Appliance avec AsyncOS versions 15.0.x ant\u00e9rieures \u00e0 15.0 MR ",
      "product": {
        "name": "Secure Web Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Secure Email Gateway avec une version de paquet de Content Scanner Tools ant\u00e9rieure \u00e0 23.3.0.4823",
      "product": {
        "name": "Secure Email Gateway",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Identity Services Engine (ISE) versions ant\u00e9rieures \u00e0 3.1P10",
      "product": {
        "name": "Identity Services Engine",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Secure Web Appliance avec AsyncOS versions 15.1.x ",
      "product": {
        "name": "Secure Web Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "iNode Software versions ant\u00e9rieures \u00e0 4.0.0",
      "product": {
        "name": "Intelligent Node Software",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Identity Services Engine (ISE) versions 3.2.x ant\u00e9rieures \u00e0 3.2P7",
      "product": {
        "name": "Identity Services Engine",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Identity Services Engine (ISE) versions 3.3.x ant\u00e9rieures \u00e0 3.3P3",
      "product": {
        "name": "Identity Services Engine",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "iNode Manager Software versions ant\u00e9rieures \u00e0 24.1",
      "product": {
        "name": "Intelligent Node Software",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Smart Software Manager (SSM) On-Prem verions 8.x ant\u00e9rieures \u00e0 8-202212",
      "product": {
        "name": "Smart Software Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Secure Web Appliance avec AsyncOS versions ant\u00e9rieures \u00e0 14.5.3 MR",
      "product": {
        "name": "Secure Web Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur indique que les correctifs de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-20435 affectant Secure Web Appliance seront publi\u00e9s en juillet (14.5.3 MR) et ao\u00fbt (15.0 MR) 2024. Les correctifs pour la vuln\u00e9rabilit\u00e9 CVE-2024-20296 affectant ISE seront publi\u00e9s en septembre 2024 (3.2P7) et janvier 2025 (3.1P10), la version 3.3P3 est d\u00e9j\u00e0 disponible.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-20435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20435"
    },
    {
      "name": "CVE-2024-20401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20401"
    },
    {
      "name": "CVE-2024-20419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20419"
    },
    {
      "name": "CVE-2024-20323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20323"
    },
    {
      "name": "CVE-2024-20296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20296"
    }
  ],
  "initial_release_date": "2024-07-18T00:00:00",
  "last_revision_date": "2024-07-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0602",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-07-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": "2024-07-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-esa-afw-bGG2UsjH",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH"
    },
    {
      "published_at": "2024-07-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-inode-static-key-VUVCeynn",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-inode-static-key-VUVCeynn"
    },
    {
      "published_at": "2024-07-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-swa-priv-esc-7uHpZsCC",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-priv-esc-7uHpZsCC"
    },
    {
      "published_at": "2024-07-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ise-file-upload-krW2TxA9",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-krW2TxA9"
    },
    {
      "published_at": "2024-07-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cssm-auth-sLw3uhUy",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-20323 (GCVE-0-2024-20323)

Vulnerability from cvelistv5

CERTFR-2024-AVI-0602

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature