EMC RSA Archer < 6.7.0.3 Multiple Vulnerabilities

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(136421);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/05/28");

  script_cve_id("CVE-2020-5331", "CVE-2020-5332");
  script_xref(name:"IAVA", value:"2020-A-0187-S");

  script_name(english:"EMC RSA Archer < 6.7.0.3 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"An application running on the remote host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of EMC RSA Archer running on the remote web server is prior to 6.7.0.3 (6.7 P3), 6.6 P6 (6.6.0.6) or 6.5 P7
(6.5.0.7). It is, therefore, affected by multiple vulnerabilities:

- RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. An
authenticated malicious local user with access to the log files may obtain sensitive information to use it in further
attacks (CVE-2020-5331).

- RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. An authenticated
malicious user with administrator privileges could potentially exploit this vulnerability to execute arbitrary
commands on the system where the vulnerable application is deployed (CVE-2020-5332).");
  # https://www.dell.com/support/security/en-ie/details/DOC-111112/DSA-2020-049-RSA-Archer-Security-Update-for-Multiple-Vulnerabilities
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9524eeb5");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-5332");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/02/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/08");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:emc:rsa_archer_egrc");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("emc_rsa_archer_detect.nbin");
  script_require_ports("Services/www", 80, 443);

  exit(0);
}


include('http.inc');
include('vcf.inc');

app_name = 'EMC RSA Archer';
port = get_http_port(default:80);

app_info = vcf::get_app_info(app:app_name, webapp:TRUE, port:port);

constraints = [
  {'min_version' : '6.5.0', 'fixed_version' : '6.5.0.7', 'fixed_display' : '6.5 P7 (6.5.0.7)'},
  {'min_version' : '6.6.0', 'fixed_version' : '6.6.0.6', 'fixed_display' : '6.6 P6 (6.6.0.6)'},
  {'min_version' : '6.7.0', 'fixed_version' : '6.7.0.3', 'fixed_display' : '6.7 P3 (6.7.0.3)'}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);