17 IOS CVEs: CVE-2020-3199, CVE-2020-3228, CVE...

repository/definitions/vulnerability/oval_com.jovalcm.cisco.ios.cve_def_2019160090000.xml

@@ -0,0 +1,32 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:com.jovalcm.cisco.ios.cve:def:2019160090000" version="0">
+  <metadata>
+    <title>Cisco IOS and Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability (High Impact)</title>
+    <affected family="ios">
+      <platform>Cisco IOS</platform>
+    </affected>
+    <reference ref_id="cisco-sa-20200108-ios-csrf" source="Vendor Advisory" ref_url="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-ios-csrf"/>
+    <reference ref_id="CVE-2019-16009" source="CVE"/>
+    <reference ref_id="High-Impact" source="Vendor Impact Rating" ref_url="https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html#asr"/>
+    <description>A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.  The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device.  Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.  This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-ios-csrf ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-ios-csrf"]</description>
+    <oval_repository>
+      <dates>
+        <submitted date="2020-06-08T22:05:45">
+          <contributor organization="JovalCM.com">David Ries</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.11.2</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria operator="AND">
+    <criteria operator="AND" comment="Affected IOS configuration">
+      <criterion test_ref="oval:com.jovalcm.cisco.ios.cve:tst:2019160090001" comment="HTTP server is configured"/>
+      <criterion test_ref="oval:com.jovalcm.cisco.ios.cve:tst:2019160090003" negate="true" comment="Active HTTP sessions are disabled"/>
+    </criteria>
+    <criteria operator="AND" comment="Affected IOS configuration">
+      <criterion test_ref="oval:com.jovalcm.cisco.ios.cve:tst:2019160090004" comment="HTTP secure server is configured"/>
+      <criterion test_ref="oval:com.jovalcm.cisco.ios.cve:tst:2019160090005" negate="true" comment="Active HTTPS sessions are disabled"/>
+    </criteria>
+    <criterion test_ref="oval:com.jovalcm.cisco.ios.cve:tst:2019160090002" comment="IOS version is affected"/>
+  </criteria>
+</definition>

repository/definitions/vulnerability/oval_com.jovalcm.cisco.ios.cve_def_2020319800000.xml

@@ -0,0 +1,24 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:com.jovalcm.cisco.ios.cve:def:2020319800000" version="0">
+  <metadata>
+    <title>Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities (Critical Impact)</title>
+    <affected family="ios">
+      <platform>Cisco IOS</platform>
+    </affected>
+    <reference ref_id="cisco-sa-ios-iot-rce-xyrsemnh" source="Vendor Advisory" ref_url="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"/>
+    <reference ref_id="CVE-2020-3198" source="CVE"/>
+    <reference ref_id="Critical-Impact" source="Vendor Impact Rating" ref_url="https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html#asr"/>
+    <description>Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload.  For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.  Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.  This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"]  This advisory is part of the June 3, 2020, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 23 Cisco Security Advisories that describe 25 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2020 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [" http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-73388"].</description>
+    <oval_repository>
+      <dates>
+        <submitted date="2020-06-08T22:05:45">
+          <contributor organization="JovalCM.com">David Ries</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.11.2</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria operator="AND">
+    <criterion test_ref="oval:com.jovalcm.cisco.ios.cve:tst:2020319800001" comment="IOS version is affected"/>
+  </criteria>
+</definition>

repository/definitions/vulnerability/oval_com.jovalcm.cisco.ios.cve_def_2020319900000.xml

@@ -0,0 +1,24 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:com.jovalcm.cisco.ios.cve:def:2020319900000" version="0">
+  <metadata>
+    <title>Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities (High Impact)</title>
+    <affected family="ios">
+      <platform>Cisco IOS</platform>
+    </affected>
+    <reference ref_id="cisco-sa-ios-iot-gos-vuln-s9qs8kyl" source="Vendor Advisory" ref_url="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"/>
+    <reference ref_id="CVE-2020-3199" source="CVE"/>
+    <reference ref_id="High-Impact" source="Vendor Impact Rating" ref_url="https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html#asr"/>
+    <description>Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device.  For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.  Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.  This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"]  This advisory is part of the June 3, 2020, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 23 Cisco Security Advisories that describe 25 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2020 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [" http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-73388"].</description>
+    <oval_repository>
+      <dates>
+        <submitted date="2020-06-08T22:05:45">
+          <contributor organization="JovalCM.com">David Ries</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.11.2</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria operator="AND">
+    <criterion test_ref="oval:com.jovalcm.cisco.ios.cve:tst:2020319900001" comment="IOS version is affected"/>
+  </criteria>
+</definition>

repository/definitions/vulnerability/oval_com.jovalcm.cisco.ios.cve_def_2020320000000.xml

@@ -0,0 +1,25 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:com.jovalcm.cisco.ios.cve:def:2020320000000" version="0">
+  <metadata>
+    <title>Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability (High Impact)</title>
+    <affected family="ios">
+      <platform>Cisco IOS</platform>
+    </affected>
+    <reference ref_id="cisco-sa-ssh-dos-un22sd2a" source="Vendor Advisory" ref_url="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-dos-Un22sd2A"/>
+    <reference ref_id="CVE-2020-3200" source="CVE"/>
+    <reference ref_id="High-Impact" source="Vendor Impact Rating" ref_url="https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html#asr"/>
+    <description>A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload.  The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which leads to an unexpected behavior. An attacker could exploit this vulnerability by creating an SSH connection to an affected device and using a specific traffic pattern that causes an error condition within that connection. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.  Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.  This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-dos-Un22sd2A ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-dos-Un22sd2A"]  This advisory is part of the June 3, 2020, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 23 Cisco Security Advisories that describe 25 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2020 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [" http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-73388"].</description>
+    <oval_repository>
+      <dates>
+        <submitted date="2020-06-08T22:05:45">
+          <contributor organization="JovalCM.com">David Ries</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.11.2</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria operator="AND">
+    <criterion test_ref="oval:com.jovalcm.cisco.ios.cve:tst:2020320000002" comment="SSH enabled"/>
+    <criterion test_ref="oval:com.jovalcm.cisco.ios.cve:tst:2020320000001" comment="IOS version is affected"/>
+  </criteria>
+</definition>

repository/definitions/vulnerability/oval_com.jovalcm.cisco.ios.cve_def_2020320100000.xml

@@ -0,0 +1,24 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:com.jovalcm.cisco.ios.cve:def:2020320100000" version="0">
+  <metadata>
+    <title>Cisco IOS and IOS XE Software Tcl Denial of Service Vulnerability (Medium Impact)</title>
+    <affected family="ios">
+      <platform>Cisco IOS</platform>
+    </affected>
+    <reference ref_id="cisco-sa-tcl-dos-mazqunmf" source="Vendor Advisory" ref_url="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tcl-dos-MAZQUnMF"/>
+    <reference ref_id="CVE-2020-3201" source="CVE"/>
+    <reference ref_id="Medium-Impact" source="Vendor Impact Rating" ref_url="https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html#asr"/>
+    <description>A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to cause a denial of service (DoS) condition on an affected system.  The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. An attacker could exploit this vulnerability by executing crafted Tcl arguments on an affected device. An exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.  Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.  This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tcl-dos-MAZQUnMF ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tcl-dos-MAZQUnMF"]</description>
+    <oval_repository>
+      <dates>
+        <submitted date="2020-06-08T22:05:45">
+          <contributor organization="JovalCM.com">David Ries</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.11.2</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria operator="AND">
+    <criterion test_ref="oval:com.jovalcm.cisco.ios.cve:tst:2020320100001" comment="IOS version is affected"/>
+  </criteria>
+</definition>

repository/definitions/vulnerability/oval_com.jovalcm.cisco.ios.cve_def_2020320400000.xml

@@ -0,0 +1,24 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:com.jovalcm.cisco.ios.cve:def:2020320400000" version="0">
+  <metadata>
+    <title>Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability (Medium Impact)</title>
+    <affected family="ios">
+      <platform>Cisco IOS</platform>
+    </affected>
+    <reference ref_id="cisco-sa-tcl-ace-c9kuvkmm" source="Vendor Advisory" ref_url="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tcl-ace-C9KuVKmm"/>
+    <reference ref_id="CVE-2020-3204" source="CVE"/>
+    <reference ref_id="Medium-Impact" source="Vendor Impact Rating" ref_url="https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html#asr"/>
+    <description>A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges.  The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to cause memory corruption or execute the code with root privileges on the underlying OS of the affected device.  Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.  This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tcl-ace-C9KuVKmm ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tcl-ace-C9KuVKmm"]</description>
+    <oval_repository>
+      <dates>
+        <submitted date="2020-06-08T22:05:45">
+          <contributor organization="JovalCM.com">David Ries</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.11.2</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria operator="AND">
+    <criterion test_ref="oval:com.jovalcm.cisco.ios.cve:tst:2020320400001" comment="IOS version is affected"/>
+  </criteria>
+</definition>

repository/definitions/vulnerability/oval_com.jovalcm.cisco.ios.cve_def_2020320500000.xml

@@ -0,0 +1,24 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:com.jovalcm.cisco.ios.cve:def:2020320500000" version="0">
+  <metadata>
+    <title>Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability (Critical Impact)</title>
+    <affected family="ios">
+      <platform>Cisco IOS</platform>
+    </affected>
+    <reference ref_id="cisco-sa-ios-iot-udp-vds-inj-f2d5jzrt" source="Vendor Advisory" ref_url="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt"/>
+    <reference ref_id="CVE-2020-3205" source="CVE"/>
+    <reference ref_id="Critical-Impact" source="Vendor Impact Rating" ref_url="https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html#asr"/>
+    <description>A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device.  The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise.  For more information about this vulnerability, see the Details ["#details"] section of this advisory.  Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.  This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt"]  This advisory is part of the June 3, 2020, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 23 Cisco Security Advisories that describe 25 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2020 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [" http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-73388"].</description>
+    <oval_repository>
+      <dates>
+        <submitted date="2020-06-08T22:05:45">
+          <contributor organization="JovalCM.com">David Ries</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.11.2</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria operator="AND">
+    <criterion test_ref="oval:com.jovalcm.cisco.ios.cve:tst:2020320500001" comment="IOS version is affected"/>
+  </criteria>
+</definition>