Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.COLDFUSION_WIN_APSB22-44.NASL
HistoryOct 13, 2022 - 12:00 a.m.

Adobe ColdFusion < 2018.x < 2018u15 / 2021.x < 2021u5 Multiple Vulnerabilities (APSB22-44)

2022-10-1300:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
60
adobe coldfusion
vulnerabilities
stack-based buffer overflow
arbitrary code execution
heap-based buffer overflow
path traversal
cwe-121
cwe-122
cve-2022-35690
cve-2022-35710
cve-2022-35711
cve-2022-35712
cve-2022-38418
cve-2022-38421
windows host
nessus scanner

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.007 Low

EPSS

Percentile

80.8%

JSON

The version of Adobe ColdFusion installed on the remote Windows host is prior to 2018.x update 15 or 2021.x update 5. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB22-44 advisory.

  • Stack-based Buffer Overflow (CWE-121) potentially leading to Arbitrary code execution (CVE-2022-35690, CVE-2022-35710)

  • Heap-based Buffer Overflow (CWE-122) potentially leading to Arbitrary code execution (CVE-2022-35711, CVE-2022-35712)

  • Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) potentially leading to Arbitrary code execution (CVE-2022-38418, CVE-2022-38421)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(166095);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/25");

  script_cve_id(
    "CVE-2022-35690",
    "CVE-2022-35710",
    "CVE-2022-35711",
    "CVE-2022-35712",
    "CVE-2022-38418",
    "CVE-2022-38419",
    "CVE-2022-38420",
    "CVE-2022-38421",
    "CVE-2022-38422",
    "CVE-2022-38423",
    "CVE-2022-38424",
    "CVE-2022-42340",
    "CVE-2022-42341"
  );
  script_xref(name:"IAVA", value:"2022-A-0416-S");

  script_name(english:"Adobe ColdFusion < 2018.x < 2018u15 / 2021.x < 2021u5 Multiple Vulnerabilities (APSB22-44)");

  script_set_attribute(attribute:"synopsis", value:
"A web-based application running on the remote host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Adobe ColdFusion installed on the remote Windows host is prior to 2018.x update 15 or 2021.x update 5. It
is, therefore, affected by multiple vulnerabilities as referenced in the APSB22-44 advisory.

  - Stack-based Buffer Overflow (CWE-121) potentially leading to Arbitrary code execution (CVE-2022-35690,
    CVE-2022-35710)

  - Heap-based Buffer Overflow (CWE-122) potentially leading to Arbitrary code execution (CVE-2022-35711,
    CVE-2022-35712)

  - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') potentially leading
    to Arbitrary code execution (CVE-2022-38418, CVE-2022-38421)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html");
  script_set_attribute(attribute:"solution", value:
"Update to Adobe ColdFusion version 2018 update 15 / 2021 update 5 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-38418");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(20, 22, 121, 122, 200, 611, 798);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/10/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:coldfusion");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("coldfusion_win_local_detect.nasl");
  script_require_keys("SMB/coldfusion/instance");
  script_require_ports(139, 445);

  exit(0);
}

include('coldfusion_win.inc');

var instances = get_coldfusion_instances();
var instance_info = [];

foreach var name (keys(instances))
{
  var info = NULL;
  var ver = instances[name];

  if (ver == '2018.0.0')
  {
    info = check_jar_chf(name, 15);
  }
  else if (ver == '2021.0.0')
  {
    info = check_jar_chf(name, 5);
  }

  if (!isnull(info))
    instance_info = make_list(instance_info, info);
}

if (max_index(instance_info) == 0)
  audit(AUDIT_INST_VER_NOT_VULN, 'Adobe ColdFusion');

var port = get_kb_item('SMB/transport');
if (!port)
  port = 445;

var report =
  '\n' + 'Nessus detected the following unpatched instances :' +
  '\n' + join(instance_info, sep:'\n') +
  '\n' + 'Also note that to be fully protected the Java JDK must be patched along with applying the vendor patch.';

security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
VendorProductVersionCPE
adobecoldfusioncpe:/a:adobe:coldfusion

Related

adobe 1
zdi 11
nvd 13
cve 13
cvelist 13
prion 13
checkpoint_advisories 13
cnvd 10
adobe
adobe
APSB22-44: Security updates available for ColdFusion
2022-10-11 00:00:00
zdi
zdi
Adobe ColdFusion Application Server Directory Traversal Arbitrary File Disclosure Or Deletion Vulnerability
2022-10-14 00:00:00
Adobe ColdFusion ODBC Agent Memory Corruption Remote Code Execution Vulnerability
2022-10-14 00:00:00
Adobe ColdFusion Application Server Directory Traversal Remote Code Execution Vulnerability
2022-10-14 00:00:00
nvd
nvd
CVE-2022-35711
2022-10-14 20:15:12
CVE-2022-35690
2022-10-14 20:15:11
CVE-2022-35710
2022-10-14 20:15:12
cve
cve
CVE-2022-38420
2022-10-14 20:15:12
CVE-2022-38424
2022-10-14 20:15:13
CVE-2022-35690
2022-10-14 20:15:11
cvelist
cvelist
CVE-2022-38420 Adobe ColdFusion Use of Hard-coded Credentials Application denial-of-service
2022-10-11 00:00:00
CVE-2022-38422 Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability
2022-10-11 00:00:00
CVE-2022-35710 Adobe ColdFusion ODBC Server Stack-based Buffer Overflow Remote Code Execution Vulnerability
2022-10-11 00:00:00
prion
prion
Path traversal
2022-10-14 20:15:00
Stack overflow
2022-10-14 20:15:00
Path traversal
2022-10-14 20:15:00
checkpoint_advisories
checkpoint_advisories
Adobe ColdFusion Heap-based Buffer Overflow (APSB22-44: CVE-2022-35711)
2022-10-13 00:00:00
Adobe ColdFusion Improper Restriction of XML External Entity (APSB22-44: CVE-2022-42341)
2022-10-13 00:00:00
Adobe ColdFusion Information Disclosure (APSB22-44: CVE-2022-38422)
2022-10-13 00:00:00
cnvd
cnvd
Adobe ColdFusion Path Traversal Vulnerability (CNVD-2023-08753)
2022-10-14 00:00:00
Adobe ColdFusion trust management issue vulnerability
2022-10-14 00:00:00
Adobe ColdFusion Path Traversal Vulnerability (CNVD-2023-08751)
2022-10-14 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.007 Low

EPSS

Percentile

80.8%

JSON
Related for COLDFUSION_WIN_APSB22-44.NASL
adobe1zdi11nvd13cve13cvelist13prion13checkpoint_advisories13cnvd10