code |
include("compat.inc");
if (description)
{
script_id(103696);
script_version("1.7");
script_cvs_date("Date: 2019/11/12");
script_cve_id(
"CVE-2017-12554",
"CVE-2017-12556",
"CVE-2017-12557",
"CVE-2017-12558",
"CVE-2017-12559",
"CVE-2017-12560",
"CVE-2017-12561"
);
script_xref(name:"HP", value:"emr_na-hpesbhf03782en_us");
script_xref(name:"HP", value:"HPESBHF03782");
script_xref(name:"ZDI", value:"ZDI-17-830");
script_xref(name:"ZDI", value:"ZDI-17-831");
script_xref(name:"ZDI", value:"ZDI-17-832");
script_xref(name:"ZDI", value:"ZDI-17-833");
script_xref(name:"ZDI", value:"ZDI-17-834");
script_xref(name:"ZDI", value:"ZDI-17-835");
script_xref(name:"ZDI", value:"ZDI-17-836");
script_name(english:"H3C / HPE Intelligent Management Center PLAT < 7.3 E0506P03 Multiple Vulnerabilities");
script_summary(english:"Checks the version of HPE Intelligent Management Center.");
script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote Windows host is affected by
multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of HPE Intelligent Management Center (iMC) PLAT installed
on the remote host is prior to 7.3 E0506P03. It is, therefore, affected
by multiple vulnerabilities that can be exploited to execute arbitrary
code.
Note that Intelligent Management Center (iMC) is an HPE product;
however, it is branded as H3C.");
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?de291610");
script_set_attribute(attribute:"solution", value:
"Upgrade to H3C / HPE iMC version 7.3 E0506P03 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12561");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'HP Intelligent Management Java Deserialization RCE');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/03");
script_set_attribute(attribute:"patch_publication_date", value:"2017/10/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/06");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:intelligent_management_center");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("hp_imc_detect.nbin");
script_require_ports("Services/activemq", 61616);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
port = get_service(svc:'activemq', default:61616, exit_on_fail:TRUE);
version = get_kb_item_or_exit('hp/hp_imc/'+port+'/version');
app = 'HP Intelligent Management Center';
fixed_display = '7.3-E0506P03';
fix = "7.3";
patchfix = NULL;
if (version =~ "^7.3\-")
{
patch = pregmatch(pattern:"[0-9.]+-E([0-9A-Z]+)", string:version);
if (!patch) audit(AUDIT_UNKNOWN_APP_VER, app);
patchver = ereg_replace(string:patch[1], pattern:"[A-Z\-]", replace:".");
if (!patchver) audit(AUDIT_UNKNOWN_APP_VER, app);
patchfix = "0506.03";
}
if ((ver_compare(ver:version, fix:fix, strict:FALSE) < 0) ||
(!isnull(patchfix) && ver_compare(ver:patchver, fix:patchfix, strict:FALSE) < 0))
{
items = make_array(
"Installed version", version,
"Fixed version", fixed_display
);
order = make_list("Installed version", "Fixed version");
report = report_items_str(report_items:items, ordered_fields:order);
security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
exit(0);
}
else
audit(AUDIT_INST_VER_NOT_VULN, app, version);
|