Adobe Connect < 9.7 Multiple Vulnerabilities (APSB17-35)

2017-11-1500:00:00

www.tenable.com

The version of Adobe Connect running on the remote host is prior to 9.7. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(104572);
  script_version("1.7");
  script_cvs_date("Date: 2019/11/12");

  script_cve_id(
    "CVE-2017-11287",
    "CVE-2017-11288",
    "CVE-2017-11289",
    "CVE-2017-11290",
    "CVE-2017-11291"
  );
  script_bugtraq_id(101838);

  script_name(english:"Adobe Connect < 9.7 Multiple Vulnerabilities (APSB17-35)");
  script_summary(english:"Checks the version of Adobe Connect.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains an application that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Adobe Connect running on the remote host is prior to
9.7. It is, therefore, affected by multiple vulnerabilities as
referenced in the advisory.

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/connect/apsb17-35.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Connect version 9.7 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-11291");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/11/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/15");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:connect");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("adobe_connect_detect.nbin");
  script_require_keys("installed_sw/Adobe Connect");
  script_require_ports("Services/www", 80, 443);

  exit(0);
}

include("http.inc");
include("vcf.inc");

app = "Adobe Connect";
get_install_count(app_name:app, exit_if_zero:TRUE);
port = get_http_port(default:80);

app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);
vcf::check_granularity(app_info:app_info, sig_segments:2);

constraints = [
      { "max_version" : "9.6.2", "fixed_version" : "9.7" }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{xss:TRUE});

VendorProductVersionCPE
adobeconnectcpe:/a:adobe:connect

Vendor	Product	Version	CPE
adobe	connect		cpe:/a:adobe:connect

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11287

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11288

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11289

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11290

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11291

helpx.adobe.com/security/products/connect/apsb17-35.html

JSON

Related for ADOBE_CONNECT_APSB17-35.NASL