9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
62.2%
The version of EMC RSA Archer running on the remote web server is prior to 6.7.0.3 (6.7 P3), 6.6 P6 (6.6.0.6) or 6.5 P7 (6.5.0.7). It is, therefore, affected by multiple vulnerabilities:
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. An authenticated malicious local user with access to the log files may obtain sensitive information to use it in further attacks (CVE-2020-5331).
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. An authenticated malicious user with administrator privileges could potentially exploit this vulnerability to execute arbitrary commands on the system where the vulnerable application is deployed (CVE-2020-5332).
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(136421);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/05/28");
script_cve_id("CVE-2020-5331", "CVE-2020-5332");
script_xref(name:"IAVA", value:"2020-A-0187-S");
script_name(english:"EMC RSA Archer < 6.7.0.3 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"An application running on the remote host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of EMC RSA Archer running on the remote web server is prior to 6.7.0.3 (6.7 P3), 6.6 P6 (6.6.0.6) or 6.5 P7
(6.5.0.7). It is, therefore, affected by multiple vulnerabilities:
- RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. An
authenticated malicious local user with access to the log files may obtain sensitive information to use it in further
attacks (CVE-2020-5331).
- RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. An authenticated
malicious user with administrator privileges could potentially exploit this vulnerability to execute arbitrary
commands on the system where the vulnerable application is deployed (CVE-2020-5332).");
# https://www.dell.com/support/security/en-ie/details/DOC-111112/DSA-2020-049-RSA-Archer-Security-Update-for-Multiple-Vulnerabilities
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9524eeb5");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-5332");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/27");
script_set_attribute(attribute:"patch_publication_date", value:"2020/02/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/08");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:emc:rsa_archer_egrc");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("emc_rsa_archer_detect.nbin");
script_require_ports("Services/www", 80, 443);
exit(0);
}
include('http.inc');
include('vcf.inc');
app_name = 'EMC RSA Archer';
port = get_http_port(default:80);
app_info = vcf::get_app_info(app:app_name, webapp:TRUE, port:port);
constraints = [
{'min_version' : '6.5.0', 'fixed_version' : '6.5.0.7', 'fixed_display' : '6.5 P7 (6.5.0.7)'},
{'min_version' : '6.6.0', 'fixed_version' : '6.6.0.6', 'fixed_display' : '6.6 P6 (6.6.0.6)'},
{'min_version' : '6.7.0', 'fixed_version' : '6.7.0.3', 'fixed_display' : '6.7 P3 (6.7.0.3)'}
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
Vendor | Product | Version | CPE |
---|---|---|---|
emc | rsa_archer_egrc | cpe:/a:emc:rsa_archer_egrc |
9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
62.2%