2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.0004 Low
EPSS
Percentile
12.6%
An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replaced with an instance that trusts all certificates. This could allow any node using any certificate to join a cluster. The proper behavior in this instance is for the TLS trust manager to deny all certificates.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(112041);
script_version("1.2");
script_cvs_date("Date: 2019/11/04");
script_cve_id("CVE-2017-8445");
script_name(english:"Elasticsearch ESA-2017-15");
script_summary(english:"Checks the version of Elasticsearch.");
script_set_attribute(attribute:"synopsis", value:
"The remote web server hosts a Java application that is affected by an
unauthorised modification vulnerability.");
script_set_attribute(attribute:"description", value:
"An error was found in the X-Pack Security TLS trust manager for
versions 5.0.0 to 5.5.1. If reloading the trust material fails the
trust manager will be replaced with an instance that trusts all
certificates. This could allow any node using any certificate to join
a cluster. The proper behavior in this instance is for the TLS trust
manager to deny all certificates.");
script_set_attribute(attribute:"see_also", value:"https://www.elastic.co/community/security");
script_set_attribute(attribute:"solution", value:
"X-Pack Security users should upgrade to version 5.5.2. Please note
this attack cannot be triggered remotely. The most likely scenario
would be local system corruption. Even though crossing a trust
boundary cannot be forced by an attacker, we consider a security
feature failing in this manner to be a flaw.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-8445");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/17");
script_set_attribute(attribute:"patch_publication_date", value:"2017/08/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/22");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:elastic:x-pack");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("elasticsearch_detect.nbin");
script_require_keys("installed_sw/Elasticsearch");
script_require_ports("Services/www", 9200);
exit(0);
}
include("audit.inc");
include("http.inc");
include("vcf.inc");
app = "Elasticsearch";
get_install_count(app_name:app, exit_if_zero:TRUE);
port = get_http_port(default:9200);
app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);
if (empty_or_null(app_info["Plugins/X-Pack/security"]))
audit(AUDIT_WEB_APP_EXT_NOT_INST, app, app_info['path'], "X-Pack Security plugin");
constraints = [
{ "min_version" : "5.0.0", "fixed_version" : "5.5.2" }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.0004 Low
EPSS
Percentile
12.6%