Vulnerabilities > CVE-2018-3225 - Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

047910
CVSS 7.1 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
oracle
nessus

Summary

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H).

Vulnerable Configurations

Part Description Count
Application
Oracle
2

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS19_FEB_EXCHANGE.NASL
descriptionThe Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - Multiple Vulnerabilites with the included libraries from Oracle Outside. (CVE-2018-18223, CVE-2018-18224, CVE-2018-3147, CVE-2018-3217, CVE-2018-3218, CVE-2018-3219, CVE-2018-3220, CVE-2018-3221, CVE-2018-3222, CVE-2018-3223, CVE-2018-3224, CVE-2018-3225, CVE-2018-3226, CVE-2018-3227, CVE-2018-3228, CVE-2018-3229, CVE-2018-3230, CVE-2018-3231, CVE-2018-3232, CVE-2018-3233, CVE-2018-3234, CVE-2018-3302) - An elevation of privilege vulnerability exists in Exchange Web Services and Push Notifications. An unauthenticated, remote attacker can exploit, via a man-in-the-middle attack forwarding an authentication request to the Domain Controller, to gain any users privileges. (CVE-2019-0686) - An elevation of privilege vulnerability exists in Exchange Web Services and Push Notifications. An unauthenticated, remote attacker can exploit, via a man-in-the-middle attack forwarding an authentication request to the Domain Controller, to gain Domain Administrator privileges. (CVE-2019-0724)
last seen2020-06-01
modified2020-06-02
plugin id122129
published2019-02-12
reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/122129
titleSecurity Updates for Exchange (February 2019)
code
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");

if (description)
{
  script_id(122129);
  script_version("1.5");
  script_cvs_date("Date: 2019/10/31 15:18:52");

  script_cve_id(
    "CVE-2018-3147",
    "CVE-2018-3217",
    "CVE-2018-3218",
    "CVE-2018-3219",
    "CVE-2018-3220",
    "CVE-2018-3221",
    "CVE-2018-3222",
    "CVE-2018-3223",
    "CVE-2018-3224",
    "CVE-2018-3225",
    "CVE-2018-3226",
    "CVE-2018-3227",
    "CVE-2018-3228",
    "CVE-2018-3229",
    "CVE-2018-3230",
    "CVE-2018-3231",
    "CVE-2018-3232",
    "CVE-2018-3233",
    "CVE-2018-3234",
    "CVE-2018-3302",
    "CVE-2018-18223",
    "CVE-2018-18224",
    "CVE-2019-0686",
    "CVE-2019-0724"
  );
  script_xref(name:"MSKB", value:"4345836");
  script_xref(name:"MSKB", value:"4471391");
  script_xref(name:"MSKB", value:"4471392");
  script_xref(name:"MSKB", value:"4487052");
  script_xref(name:"MSFT", value:"MS19-4345836");
  script_xref(name:"MSFT", value:"MS19-4471391");
  script_xref(name:"MSFT", value:"MS19-4471392");
  script_xref(name:"MSFT", value:"MS19-4487052");

  script_name(english:"Security Updates for Exchange (February 2019)");
  script_summary(english:"Checks for Microsoft security updates.");

  script_set_attribute(attribute:"synopsis", value:
"The Microsoft Exchange Server installed on the remote host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The Microsoft Exchange Server installed on the remote host is missing
security updates. It is, therefore, affected by multiple
vulnerabilities :

  - Multiple Vulnerabilites with the included libraries from
    Oracle Outside. (CVE-2018-18223, CVE-2018-18224,
    CVE-2018-3147, CVE-2018-3217, CVE-2018-3218, CVE-2018-3219,
    CVE-2018-3220, CVE-2018-3221, CVE-2018-3222, CVE-2018-3223,
    CVE-2018-3224, CVE-2018-3225, CVE-2018-3226, CVE-2018-3227,
    CVE-2018-3228, CVE-2018-3229, CVE-2018-3230, CVE-2018-3231,
    CVE-2018-3232, CVE-2018-3233, CVE-2018-3234, CVE-2018-3302)

  - An elevation of privilege vulnerability exists in
    Exchange Web Services and Push Notifications. An
    unauthenticated, remote attacker can exploit, via a
    man-in-the-middle attack forwarding an authentication
    request to the Domain Controller, to gain any users
    privileges. (CVE-2019-0686)

  - An elevation of privilege vulnerability exists in
    Exchange Web Services and Push Notifications. An
    unauthenticated, remote attacker can exploit, via a
    man-in-the-middle attack forwarding an authentication
    request to the Domain Controller, to gain Domain
    Administrator privileges. (CVE-2019-0724)");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/4345836");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/4471391");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/4471392");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/4487052");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released the following security updates to address this issue:  
  -KB4345836
  -KB4471391
  -KB4471392
  -KB4487052");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0724");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/02/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:exchange_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ms_bulletin_checks_possible.nasl", "microsoft_exchange_installed.nbin");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}
include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");
include("install_func.inc");

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS19-02';
kbs = make_list(
  "4345836", # Exchange Server 2013
  "4471391", # Exchange Server 2019
  "4471392", # Exchange Server 2016
  "4487052"  # Exchange Server 2010
);

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

install = get_single_install(app_name:"Microsoft Exchange");

path = install["path"];
version = install["version"];
release = install["RELEASE"];

if (
  release != 140 &&
  release != 150 &&
  release != 151 &&
  release != 152
)  audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', version);

if (!empty_or_null(install["SP"]))
  sp = install["SP"];
if (!empty_or_null(install["CU"]))
  cu = install["CU"];

if (release == 140 && sp != 3)
  audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', version);

if (release == 140) # Exchange Server 2010
{
  if (sp == 3)
  {
    fixedver = "14.3.442.0";
    kb = '4487052';
  }
}
else if (release == 150) # Exchange Server 2013
{
  if (cu < 22)
  {
    fixedver = "15.0.1473.3";
    kb = '4345836';
  }
}
else if (release == 151) # Exchange Server 2016
{
  if (cu < 12)
  {
    fixedver = "15.1.1713.5";
    kb = '4471392';
  }
}
else if (release == 152) # Exchange Server 2019
{
  if (cu < 1)
  {
    fixedver = "15.2.330.5";
    kb = '4471391';
  }
}

if (fixedver && hotfix_is_vulnerable(path:hotfix_append_path(path:path, value:"Bin"), file:"ExSetup.exe", version:fixedver, bulletin:bulletin, kb:kb))
{
  set_kb_item(name:'SMB/Missing/' + bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}