cisco_ios 2022 cves (#162)

* arista 2021 cves

* Fix flake8 and syntax errors in Arista CVE scripts

* cisco_ios 2022 cves

---------

Co-authored-by: mailsanjayhere <mailsanjayhere@gmail.com>

Author: netpicker

CVEasy/Cisco/2022/__init__.py

@@ -0,0 +1,34 @@
+from comfy import high
+
+
+@high(
+    name='rule_cve202220677',
+    platform=['cisco_ios'],
+    commands=dict(
+        show_version='show version',
+        check_ios='show running-config | include ios'
+    ),
+)
+def rule_cve202220677(configuration, commands, device, devices):
+    """
+    This rule checks for the CVE-2022-20677 vulnerability in Cisco IOS Software.
+    The vulnerability is due to insufficient protection in the Cisco IOS application hosting environment.
+    An attacker could exploit this vulnerability to inject arbitrary commands into the underlying host
+    operating system, execute arbitrary code, install applications without authentication, or conduct
+    cross-site scripting (XSS) attacks.
+    """
+    # Extract the output of the command to check IOS configuration
+    ios_output = commands.check_ios
+
+    # Check if IOS is configured
+    ios_configured = 'ios' in ios_output
+
+    # Assert that the device is not vulnerable
+    assert not ios_configured, (
+        f"Device {device.name} is vulnerable to CVE-2022-20677. "
+        "The device has IOS application hosting configured, "
+        "which could allow an attacker to execute arbitrary commands, install unauthorized applications, "
+        "or conduct XSS attacks. "
+        "For more information, see "
+        "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-yuXQ6hFj"
+    )

CVEasy/Cisco/2022/cisco_ios/__init__.py

@@ -0,0 +1,32 @@
+from comfy import high
+
+
+@high(
+    name='rule_cve202220697',
+    platform=['cisco_ios'],
+    commands=dict(
+        show_version='show version',
+        check_http='show running-config | include ip http'
+    ),
+)
+def rule_cve202220697(configuration, commands, device, devices):
+    """
+    This rule checks for the CVE-2022-20697 vulnerability in Cisco IOS Software.
+    The vulnerability is due to improper resource management in the HTTP server code.
+    An attacker could exploit this vulnerability by sending a large number of HTTP requests
+    to an affected device, causing it to reload and resulting in a denial of service (DoS) condition.
+    """
+    # Extract the output of the command to check HTTP configuration
+    http_output = commands.check_http
+
+    # Check if HTTP server is enabled
+    http_enabled = any(service in http_output for service in ['ip http server', 'ip http secure-server'])
+
+    # Assert that the device is not vulnerable
+    assert not http_enabled, (
+        f"Device {device.name} is vulnerable to CVE-2022-20697. "
+        "The device has HTTP/HTTPS server enabled, "
+        "which could allow an attacker to cause a denial of service through crafted HTTP requests. "
+        "For more information, see "
+        "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-dos-svOdkdBS"
+    )

CVEasy/Cisco/2022/cisco_ios/cve202220677.py

@@ -0,0 +1,34 @@
+from comfy import high
+
+
+@high(
+    name='rule_cve202220718',
+    platform=['cisco_ios'],
+    commands=dict(
+        show_version='show version',
+        check_ios='show running-config | include ios'
+    ),
+)
+def rule_cve202220718(configuration, commands, device, devices):
+    """
+    This rule checks for the CVE-2022-20718 vulnerability in Cisco IOS Software.
+    The vulnerability is due to insufficient protection in the Cisco IOS application hosting environment.
+    Multiple vulnerabilities could allow an attacker to inject arbitrary commands into the underlying host
+    operating system, execute arbitrary code, install applications without authentication, or conduct
+    cross-site scripting (XSS) attacks.
+    """
+    # Extract the output of the command to check IOS configuration
+    ios_output = commands.check_ios
+
+    # Check if IOS is configured
+    ios_configured = 'ios' in ios_output
+
+    # Assert that the device is not vulnerable
+    assert not ios_configured, (
+        f"Device {device.name} is vulnerable to CVE-2022-20718. "
+        "The device has IOS application hosting configured, "
+        "which could allow an attacker to execute arbitrary commands, install unauthorized applications, "
+        "or conduct XSS attacks. "
+        "For more information, see "
+        "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-yuXQ6hFj"
+    )

CVEasy/Cisco/2022/cisco_ios/cve202220697.py

@@ -0,0 +1,35 @@
+from comfy import high
+
+
+@high(
+    name='rule_cve202220719',
+    platform=['cisco_ios'],
+    commands=dict(
+        show_version='show version',
+        check_ios='show running-config | include ios'
+    ),
+)
+def rule_cve202220719(configuration, commands, device, devices):
+    """
+    This rule checks for the CVE-2022-20719 vulnerability in Cisco IOS Software.
+    The vulnerability is due to insufficient protection in the Cisco IOS application
+    hosting environment.  Multiple vulnerabilities could allow an attacker to inject
+    arbitrary commands into the underlying host operating system, execute arbitrary
+    code, install applications without authentication, or conduct cross-site
+    scripting (XSS) attacks.
+    """
+    # Extract the output of the command to check IOS configuration
+    ios_output = commands.check_ios
+
+    # Check if IOS is configured
+    ios_configured = 'ios' in ios_output
+
+    # Assert that the device is not vulnerable
+    assert not ios_configured, (
+        f"Device {device.name} is vulnerable to CVE-2022-20719. "
+        "The device has IOS application hosting configured, "
+        "which could allow an attacker to execute arbitrary commands, install unauthorized applications, "
+        "or conduct XSS attacks. "
+        "For more information, see "
+        "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-yuXQ6hFj"
+    )

CVEasy/Cisco/2022/cisco_ios/cve202220718.py

@@ -0,0 +1,35 @@
+from comfy import high
+
+
+@high(
+    name='rule_cve202220720',
+    platform=['cisco_ios'],
+    commands=dict(
+        show_version='show version',
+        check_ios='show running-config | include ios'
+    ),
+)
+def rule_cve202220720(configuration, commands, device, devices):
+    """
+    This rule checks for the CVE-2022-20720 vulnerability in Cisco IOS Software.
+    The vulnerability is due to insufficient protection in the Cisco IOS application
+    hosting environment.
+    Multiple vulnerabilities could allow an attacker to inject arbitrary commands
+    into the underlying host operating system, execute arbitrary code, install
+    applications without authentication, or conduct cross-site scripting (XSS) attacks.
+    """
+    # Extract the output of the command to check IOS configuration
+    ios_output = commands.check_ios
+
+    # Check if IOS is configured
+    ios_configured = 'ios' in ios_output
+
+    # Assert that the device is not vulnerable
+    assert not ios_configured, (
+        f"Device {device.name} is vulnerable to CVE-2022-20720. "
+        "The device has IOS application hosting configured, "
+        "which could allow an attacker to execute arbitrary commands, install unauthorized applications, "
+        "or conduct XSS attacks. "
+        "For more information, see "
+        "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-yuXQ6hFj"
+    )

CVEasy/Cisco/2022/cisco_ios/cve202220719.py

@@ -0,0 +1,34 @@
+from comfy import high
+
+
+@high(
+    name='rule_cve202220721',
+    platform=['cisco_ios'],
+    commands=dict(
+        show_version='show version',
+        check_ios='show running-config | include ios'
+    ),
+)
+def rule_cve202220721(configuration, commands, device, devices):
+    """
+    This rule checks for the CVE-2022-20721 vulnerability in Cisco IOS Software.
+    The vulnerability is due to insufficient protection in the Cisco IOS application hosting environment.
+    Multiple vulnerabilities could allow an attacker to inject arbitrary commands into the underlying host
+    operating system, execute arbitrary code, install applications without authentication, or conduct
+    cross-site scripting (XSS) attacks.
+    """
+    # Extract the output of the command to check IOS configuration
+    ios_output = commands.check_ios
+
+    # Check if IOS is configured
+    ios_configured = 'ios' in ios_output
+
+    # Assert that the device is not vulnerable
+    assert not ios_configured, (
+        f"Device {device.name} is vulnerable to CVE-2022-20721. "
+        "The device has IOS application hosting configured, "
+        "which could allow an attacker to execute arbitrary commands, install unauthorized applications, "
+        "or conduct XSS attacks. "
+        "For more information, see "
+        "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-yuXQ6hFj"
+    )

CVEasy/Cisco/2022/cisco_ios/cve202220720.py

@@ -0,0 +1,34 @@
+from comfy import high
+
+
+@high(
+    name='rule_cve202220722',
+    platform=['cisco_ios'],
+    commands=dict(
+        show_version='show version',
+        check_ios='show running-config | include ios'
+    ),
+)
+def rule_cve202220722(configuration, commands, device, devices):
+    """
+    This rule checks for the CVE-2022-20722 vulnerability in Cisco IOS Software.
+    The vulnerability is due to insufficient protection in the Cisco IOS application hosting environment.
+    Multiple vulnerabilities could allow an attacker to inject arbitrary commands into the underlying host
+    operating system, execute arbitrary code, install applications without authentication, or conduct
+    cross-site scripting (XSS) attacks.
+    """
+    # Extract the output of the command to check IOS configuration
+    ios_output = commands.check_ios
+
+    # Check if IOS is configured
+    ios_configured = 'ios' in ios_output
+
+    # Assert that the device is not vulnerable
+    assert not ios_configured, (
+        f"Device {device.name} is vulnerable to CVE-2022-20722. "
+        "The device has IOS application hosting configured, "
+        "which could allow an attacker to execute arbitrary commands, install unauthorized applications, "
+        "or conduct XSS attacks. "
+        "For more information, see "
+        "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-yuXQ6hFj"
+    )

CVEasy/Cisco/2022/cisco_ios/cve202220721.py

@@ -0,0 +1,34 @@
+from comfy import high
+
+
+@high(
+    name='rule_cve202220723',
+    platform=['cisco_ios'],
+    commands=dict(
+        show_version='show version',
+        check_ios='show running-config | include ios'
+    ),
+)
+def rule_cve202220723(configuration, commands, device, devices):
+    """
+    This rule checks for the CVE-2022-20723 vulnerability in Cisco IOS Software.
+    The vulnerability is due to insufficient protection in the Cisco IOS application hosting environment.
+    Multiple vulnerabilities could allow an attacker to inject arbitrary commands into the underlying host
+    operating system, execute arbitrary code, install applications without authentication, or conduct
+    cross-site scripting (XSS) attacks.
+    """
+    # Extract the output of the command to check IOS configuration
+    ios_output = commands.check_ios
+
+    # Check if IOS is configured
+    ios_configured = 'ios' in ios_output
+
+    # Assert that the device is not vulnerable
+    assert not ios_configured, (
+        f"Device {device.name} is vulnerable to CVE-2022-20723. "
+        "The device has IOS application hosting configured, "
+        "which could allow an attacker to execute arbitrary commands, install unauthorized applications, "
+        "or conduct XSS attacks. "
+        "For more information, see "
+        "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-yuXQ6hFj"
+    )