nessusThis script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.AZURE_CYCLECLOUD_CVE-2021-33762.NASL
HistoryAug 13, 2021 - 12:00 a.m.

Microsoft Azure CycleCloud Privilege Escalation (CVE-2021-33762)

2021-08-13 00:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11

7.3 High

AI Score

Confidence

High

A privilege escalation vulnerability exists in Azure CycleCloud. An authenticated, local attacker can exploit this to elevate their privileges on the system.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration block: runs only when the scan engine loads the plugin to read
# its metadata (the `description` flag is set). It declares identifiers,
# advisory text, scoring and prerequisites, then exits before any check runs.
if (description)
{
  script_id(152543);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/29");

  # Advisory identifiers this finding maps to: the CVE and an IAVA cross-reference.
  script_cve_id("CVE-2021-33762");
  script_xref(name:"IAVA", value:"2021-A-0433");

  script_name(english:"Microsoft Azure CycleCloud Privilege Escalation (CVE-2021-33762)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has an application installed that is missing a security update.");
  # The description text states the limit of this check: the issue is not
  # tested, the result rests on the version the application reports.
  # NOTE(review): a host whose reported version does not reflect the applied
  # fix would be misjudged either way; confirm on the host before acting on it.
  script_set_attribute(attribute:"description", value:
"A privilege escalation vulnerability exists in Azure CycleCloud. An authenticated, local attacker can exploit this, to
elevate their privilege on the system.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # The see_also values are shortened nessus.org redirects; the comment above
  # each one records the vendor URL it stands for.
  # https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33762
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?55504fef");
  # https://docs.microsoft.com/en-us/azure/cyclecloud/release-notes/7-9-10?view=cyclecloud-8
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?86b6b558");
  # https://docs.microsoft.com/en-us/azure/cyclecloud/release-notes/8-2-0?view=cyclecloud-8
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1a6f034f");
  script_set_attribute(attribute:"solution", value:
"Upgrade Azure CycleCloud to version 7.9.10, 8.2.0 or later.");
  # Scoring: both base vectors use AV:L (local access). The CVSS v3 vector adds
  # PR:L and AC:H (low-privileged account, high attack complexity) with high
  # impact on confidentiality, integrity and availability. Both temporal
  # vectors carry E:U, consistent with the "no known exploits" attributes below.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-33762");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # Dates as recorded by the plugin: the patch date (2021/06/29) precedes the
  # vulnerability publication date (2021/08/10).
  script_set_attribute(attribute:"vuln_publication_date", value:"2021/08/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/06/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/08/13");

  # Declared as a remote check although the flaw itself needs local access
  # (AV:L above): a hit means a vulnerable version was detected over the
  # network, not that the flaw can be reached from the network.
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:microsoft:azure_cyclecloud");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  # Information-gathering category and the family the plugin is listed under.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Prerequisites: the two CycleCloud web detection plugins are declared as
  # dependencies, and this KB key is required for the plugin to run.
  script_dependencies("azure_cyclecloud_web_detect.nbin", "microsoft_azure_cyclecloud_web_detect.nbin");
  script_require_keys("installed_sw/Microsoft Azure CycleCloud");

  # Registration is complete; leave so the version check below does not run
  # in this mode.
  exit(0);
}

include('vcf.inc');
include('http.inc');

# Version check. This block makes no exploit attempt of its own: it looks up
# the web port, fetches the recorded install details and compares the version
# with the fixed releases through the vcf helpers.

# HTTP(S) port of the target service, with 443 passed as the default.
var port = get_http_port(default:443);

# Install record for CycleCloud on that port. The helper lives in vcf.inc (not
# shown here); presumably it reads what the detection plugins stored.
var app_info = vcf::get_app_info(app:'Microsoft Azure CycleCloud', webapp:TRUE, port:port);

# Two vulnerable ranges, one per maintained branch: anything below 7.9.10, and
# 8.0.0 up to (not including) 8.2.0. Versions from 7.9.10 up to 8.0.0 fall in
# neither range and are not reported.
var constraints = [
  { 'min_version': '0.0.0' ,'fixed_version' : '7.9.10' },
  { 'min_version': '8.0.0' ,'fixed_version' : '8.2.0' }
];

# Report at SECURITY_WARNING when the version falls inside a range.
# NOTE(review): the verdict rests only on the self-reported version, as the
# plugin description states; verify on the host where the reported version may
# not reflect the fix actually applied.
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
Vendor | Product | Version | CPE
microsoft | azure_cyclecloud | | x-cpe:/a:microsoft:azure_cyclecloud
