code | #
# (C) Tenable Network Security, Inc.
#
account = "emcupdate";
password = "password";
include("compat.inc");
if (description)
{
script_id(83783);
script_version("1.15");
script_cvs_date("Date: 2019/11/22");
script_cve_id("CVE-1999-0502", "CVE-2015-0529");
script_bugtraq_id(73482);
script_name(english:"Default Password (password) for 'emcupdate' Account");
script_summary(english:"Attempts to log in to the remote host.");
script_set_attribute(attribute:"synopsis", value:
"The remote EMC PowerPath virtual appliance can be accessed with a
built-in account.");
script_set_attribute(attribute:"description", value:
"The account 'emcupdate' on the remote EMC PowerPath virtual appliance
has the default password 'password'. An attacker can leverage this
issue to gain access to the affected system and launch further attacks
against it.");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/535155/30/270/threaded");
script_set_attribute(attribute:"solution", value:
"Change the password for this account or disable it.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:TF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:T/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'SSH User Code Execution');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/22");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:emc:powerpath_virtual_appliance");
script_set_attribute(attribute:"default_account", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Default Unix Accounts");
script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("find_service1.nasl", "ssh_detect.nasl", "account_check.nasl");
script_exclude_keys("global_settings/supplied_logins_only");
script_require_ports("Services/telnet", 23, "Services/ssh", 22);
exit(0);
}
include("audit.inc");
include("default_account.inc");
include("global_settings.inc");
if (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);
if (! thorough_tests && ! get_kb_item("Settings/test_all_accounts"))
exit(0, "Neither thorough_tests nor 'Settings/test_all_accounts' is set.");
affected = FALSE;
ssh_ports = get_service_port_list(svc: "ssh", default:22);
foreach port (ssh_ports)
{
port = check_account(login:account, password:password, cmd:'pwd', cmd_regex:'^/home/emcupdate$', port:port, svc:"ssh");
if (port)
{
affected = TRUE;
security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());
}
}
if(affected) exit(0);
telnet_ports = get_service_port_list(svc: "telnet", default:23);
foreach port (telnet_ports)
{
port = check_account(login:account, password:password, cmd:'pwd', cmd_regex:'^/home/emcupdate$', port:port, svc:"telnet");
if (port)
{
affected = TRUE;
security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());
}
}
if(!affected) audit(AUDIT_HOST_NOT, "affected");
|