| code | #
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(134761);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/10");
script_cve_id("CVE-2020-5957", "CVE-2020-5958");
script_xref(name:"IAVA", value:"2020-A-0111-S");
script_name(english:"NVIDIA Windows GPU Display Driver (Feb 2020)");
script_summary(english:"Checks the driver version.");
script_set_attribute(attribute:"synopsis", value:
"The NVIDIA GPU display driver software on the remote host is missing
a security update. It is, therefore, affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"A display driver installed on the remote Windows host is affected by
multiple vulnerabilities.
- A privilege escalation vulnerability exists in NVIDIA Control
Panel component. An unauthenticated, local attacker can exploit
this, via corrputing a system file, to gain priviledged access
to the system.
- A privilege escalation vulnerability exists in NVIDIA Control
Panel component. An unauthenticated, local attacker can exploit
this, via planting a malicious DLL file, this may lead to
code execution, denial of service, or information disclosure.");
script_set_attribute(attribute:"see_also", value:"https://nvidia.custhelp.com/app/answers/detail/a_id/4996");
script_set_attribute(attribute:"solution", value:
"Upgrade the NVIDIA graphics driver in accordance with the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-5957");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/28");
script_set_attribute(attribute:"patch_publication_date", value:"2020/02/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/20");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:nvidia:gpu_driver");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("wmi_enum_display_drivers.nbin");
script_require_keys("WMI/DisplayDrivers/NVIDIA", "Settings/ParanoidReport");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
if (report_paranoia < 2) audit(AUDIT_PARANOID);
kb_base = 'WMI/DisplayDrivers/';
# double check in case optimization is disabled
kbs = get_kb_list(kb_base + '*/Name');
if (isnull(kbs)) exit(0, 'No display drivers were found.');
report = '';
foreach kb (keys(kbs))
{
name = kbs[kb];
# only check NVIDIA drivers
if ("NVIDIA" >!< name) continue;
nvidia_found = TRUE;
id = kb - kb_base - '/Name';
version = get_kb_item_or_exit(kb_base + id + '/Version');
gpumodel = tolower(get_kb_item_or_exit(kb_base + id + '/Processor'));
driver_date = get_kb_item_or_exit(kb_base + id + '/DriverDate');
disp_driver_date = driver_date;
# convert to something we can pass to ver_compare (YYYY.MM.DD)
driver_date = split(driver_date, sep:'/', keep:FALSE);
driver_date = driver_date[2] + '.' + driver_date[0] + '.' + driver_date[1];
fix = NULL;
# GeForce
if (gpumodel =~ "geforce")
{
# All R430 versions prior to 442.50
if (version =~ "^44[0-2]\." && ver_compare(ver:version, fix:'442.50', strict:FALSE) == -1)
fix = '442.50';
}
# Quadro NVS
else if (gpumodel =~ "quadro|nvs")
{
# All R440 versions prior to 442.50
if (version =~ "^44[0-2]\." && ver_compare(ver:version, fix:'442.50', strict:FALSE) == -1)
fix = '442.50';
# All R430 versions prior to 432.28
else if (version =~ "^43[0-2]\." && ver_compare(ver:version, fix:'432.28', strict:FALSE) == -1)
fix = '432.28';
# All R418 versions prior to 426.50
else if (version =~ "^4(1[0-9]|2[0-6])\." && ver_compare(ver:version, fix:'426.50', strict:FALSE) == -1)
fix = '426.50';
# All R390 versions prior to 392.59
else if (version =~ "^39[0-2]\." && ver_compare(ver:version, fix:'392.59', strict:FALSE) == -1)
fix = '392.59';
}
# Tesla
else if (gpumodel =~ "tesla")
{
# All R440 versions prior to 442.50
if (version =~ "^44[0-2]\." && ver_compare(ver:version, fix:'442.50', strict:FALSE) == -1)
fix = '442.50';
# All R418 versions prior to 426.50
else if (version =~ "^4(1[0-9]|2[0-6])\." && ver_compare(ver:version, fix:'426.50', strict:FALSE) == -1)
fix = '426.50';
}
if (!isnull(fix))
{
order = make_list('Device name', 'Driver version', 'Driver date', 'Fixed version');
report = make_array(
order[0],name,
order[1],version,
order[2],disp_driver_date,
order[3],fix
);
report = report_items_str(report_items:report, ordered_fields:order);
security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);
exit(0);
}
else
{
exit(0, 'No vulnerable NVIDIA display drivers were found.');
}
}
exit(0, 'No NVIDIA display drivers were found.');
|