According to the web server’s banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is prior to 7.2.6. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries :
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(90251);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id(
"CVE-2014-0015",
"CVE-2014-0138",
"CVE-2014-0139",
"CVE-2014-2522",
"CVE-2014-2641",
"CVE-2014-3569",
"CVE-2014-3570",
"CVE-2014-3571",
"CVE-2014-3572",
"CVE-2014-8275",
"CVE-2015-0204",
"CVE-2015-0205",
"CVE-2015-0206",
"CVE-2015-0207",
"CVE-2015-0208",
"CVE-2015-0209",
"CVE-2015-0285",
"CVE-2015-0286",
"CVE-2015-0287",
"CVE-2015-0288",
"CVE-2015-0289",
"CVE-2015-0290",
"CVE-2015-0291",
"CVE-2015-0292",
"CVE-2015-0293",
"CVE-2015-1788",
"CVE-2015-1789",
"CVE-2015-1790",
"CVE-2015-1791",
"CVE-2015-1792",
"CVE-2015-3143",
"CVE-2015-3145",
"CVE-2015-3148"
);
script_bugtraq_id(
65270,
66296,
66457,
66458,
70208,
71934,
71935,
71936,
71937,
71939,
71940,
71941,
71942,
73225,
73226,
73227,
73228,
73229,
73230,
73231,
73232,
73234,
73235,
73237,
73239,
74299,
74301,
74303,
75154,
75156,
75157,
75158,
75161
);
script_xref(name:"CERT", value:"243585");
script_xref(name:"HP", value:"HPSBMU03422");
script_xref(name:"HP", value:"emr_na-c04805275");
script_xref(name:"HP", value:"SSRT101438");
script_xref(name:"HP", value:"SSRT101447");
script_xref(name:"HP", value:"SSRT102109");
script_name(english:"HP System Management Homepage < 7.2.6 Multiple Vulnerabilities (FREAK)");
script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to the web server's banner, the version of HP System
Management Homepage (SMH) hosted on the remote web server is prior to
7.2.6. It is, therefore, affected by multiple vulnerabilities,
including remote code execution vulnerabilities, in several components
and third-party libraries :
- HP SMH (XSRF)
- libcurl
- OpenSSL");
# https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c04805275
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5bc0a4e1");
script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20150108.txt");
script_set_attribute(attribute:"see_also", value:"https://www.smacktls.com/#freak");
script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20150319.txt");
script_set_attribute(attribute:"solution", value:
"Upgrade to HP System Management Homepage (SMH) version 7.2.6 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/14");
script_set_attribute(attribute:"patch_publication_date", value:"2015/08/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/29");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:system_management_homepage");
script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
script_set_attribute(attribute:"cpe", value:"cpe:/a:haxx:curl");
script_set_attribute(attribute:"cpe", value:"cpe:/a:haxx:libcurl");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 2016-2022 Tenable Network Security, Inc.");
script_dependencies("compaq_wbem_detect.nasl");
script_require_keys("www/hp_smh");
script_require_ports("Services/www", 2301, 2381);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");
get_kb_item_or_exit("www/hp_smh");
port = get_http_port(default:2381, embedded:TRUE);
install = get_install_from_kb(appname:'hp_smh', port:port, exit_on_fail:TRUE);
dir = install['dir'];
version = install['ver'];
prod = get_kb_item_or_exit("www/"+port+"/hp_smh/variant");
if (version == UNKNOWN_VER) exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+"/")+' is unknown.');
# nb: 'version' can have non-numeric characters in it so we'll create
# an alternate form and make sure that's safe for use in 'ver_compare()'.
version_alt = ereg_replace(pattern:"[_-]", replace:".", string:version);
if (!ereg(pattern:"^[0-9][0-9.]+$", string:version_alt)) exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+"/")+' does not look valid ('+version+').');
fixed_version = '7.2.6';
if (ver_compare(ver:version_alt, fix:fixed_version, strict:FALSE) == -1)
{
source_line = get_kb_item("www/"+port+"/hp_smh/source");
report = '\n Product : ' + prod;
if (!isnull(source_line))
report += '\n Version source : ' + source_line;
report +=
'\n Installed version : ' + version +
'\n Fixed version : ' + fixed_version +
'\n';
security_report_v4(severity:SECURITY_HOLE, port:port, extra:report, xsrf:TRUE);
}
else audit(AUDIT_LISTEN_NOT_VULN, prod, port, version);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2522
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2641
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0207
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0208
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0285
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0290
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0291
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0292
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148
www.nessus.org/u?5bc0a4e1
www.openssl.org/news/secadv/20150108.txt
www.openssl.org/news/secadv/20150319.txt
www.smacktls.com/#freak