nessusThis script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.EMC_RSA_ARCHER_CVE-2020-5333.NASL

EMC RSA Archer < 6.6.0.6 and < 6.7.0.3 authorization bypass

2020-08-21 00:00:00
This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
emc rsa archer
authorization bypass
vulnerability
cve-2020-5333

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

35.3%

The version of EMC RSA Archer running on the remote web server is prior to 6.6.0.6 (6.6 P6) or 6.7.0.3 (6.7 P3). It is, therefore, affected by an authorization bypass vulnerability. A remote, authenticated attacker could exploit this vulnerability to view sensitive information.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

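if (description)
{
  script_id(139749);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/05/28");

  script_cve_id("CVE-2020-5333");
  script_xref(name:"IAVA", value:"2020-A-0187-S");

  script_name(english:"EMC RSA Archer < 6.6.0.6 and < 6.7.0.3 authorization bypass");

  # The synopsis must agree with the plugin name and description below:
  # this plugin covers a single authorization bypass (CVE-2020-5333),
  # not multiple vulnerabilities.
  script_set_attribute(attribute:"synopsis", value:
"An application running on the remote host is affected by an authorization bypass vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of EMC RSA Archer running on the remote web server is prior to 6.7.0.3 (6.7 P3) or 6.6 P6 (6.6.0.6). It is,
therefore, affected by an authorization bypass vulnerability. A remote authenticated malicious user could potentially
exploit this vulnerability to view sensitive information.");
  # Vendor advisory (DSA-2020-049); the see_also value is the Nessus short link to it.
  # https://www.dell.com/support/security/en-ie/details/DOC-111112/DSA-2020-049-RSA-Archer-Security-Update-for-Multiple-Vulnerabilities
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9524eeb5");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  # Base vectors are taken from the CVE; temporal vectors record that no
  # public exploit is known (E:U) and an official fix exists (RL:OF / RL:O).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-5333");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/02/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/08/21");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:emc:rsa_archer_egrc");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  # Information-gathering category: the check relies on the version already
  # fingerprinted by the detection dependency and does not attempt exploitation.
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("emc_rsa_archer_detect.nbin");
  script_require_ports("Services/www", 80, 443);

  exit(0);
}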


include('http.inc');
include('vcf.inc');

# Version-based check: the product version comes from the detection plugin
# (emc_rsa_archer_detect.nbin) through the vcf helpers; this plugin only
# compares it against the fixed versions from the vendor advisory.
app = 'EMC RSA Archer';
www_port = get_http_port(default:80);

# Exits silently (via vcf) when the application was not detected on this port.
info = vcf::get_app_info(app:app, webapp:TRUE, port:www_port);

# One entry per affected branch; 'fixed_display' is the text shown in the report.
fixes = [
  {'min_version' : '6.6.0', 'fixed_version' : '6.6.0.6', 'fixed_display' : '6.6 P6 (6.6.0.6)'},
  {'min_version' : '6.7.0', 'fixed_version' : '6.7.0.3', 'fixed_display' : '6.7 P3 (6.7.0.3)'}
];

# Medium severity, matching the CVSS base scores declared in the description block.
vcf::check_version_and_report(app_info:info, constraints:fixes, severity:SECURITY_WARNING);

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

35.3%
