Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.HP_DEVICE_MANAGER_5_0_4.NASL
HistoryOct 07, 2020 - 12:00 a.m.

HP Device Manager 4.x < 4.7 SP 13 / 5.x < 5.0.4 Multiple Vulnerabilities

2020-10-0700:00:00
This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
82
JSON

According to its self-reported version number, the version of HP Device Manager installed on the remote Windows host is 4.x prior to 4.7 SP 13 or 5.x prior to 5.0.4. It is, therefore, affected by multiple vulnerabilities:

  • A weak cipher implementation that is susceptible to dictionary attacks. (CVE-2020-6925)

  • An unauthenticated RMI object call that can allow an unauthenticated remote attacker to inject HQL that injects SQL that will run on the bundled PostgreSQL database. (CVE-2020-6926)

  • A local privilege escalation vulnerability in the bundled PostgreSQL database. It has a default user account (dm_postgres) with a trivial password (single space). This can allow a local attacker to connect to the database and perform SQL queries leading to code execution as SYSTEM. (CVE-2020-6927)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable Network Security, Inc.
##

include('compat.inc');

if (description)
{
  script_id(141251);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id("CVE-2020-6925", "CVE-2020-6926", "CVE-2020-6927");
  script_xref(name:"CEA-ID", value:"CEA-2020-0125");

  script_name(english:"HP Device Manager 4.x < 4.7 SP 13 / 5.x < 5.0.4 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"A thin client device manager running on the remote host is affected by a multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the version of HP Device Manager installed on the remote Windows host
is 4.x prior to 4.7 SP 13 or 5.x prior to 5.0.4. It is, therefore, affected by multiple vulnerabilities:

  - A weak cipher implementation that is susceptible to dictionary attacks. (CVE-2020-6925)

  - An unauthenticated RMI object call that can allow an unauthenticated remote attacker to inject HQL that injects SQL
    that will run on the bundled PostgreSQL database. (CVE-2020-6926)

  - A local privilege escalation vulnerability in the bundled PostgreSQL database. It has a default user account
    (dm_postgres) with a trivial password (single space). This can allow a local attacker to connect to the database
    and perform SQL queries leading to code execution as SYSTEM. (CVE-2020-6927)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://nickbloor.co.uk/2020/10/05/hp-device-manager-cve-2020-6925-cve-2020-6926-cve-2020-6927/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bc627f7a");
  script_set_attribute(attribute:"see_also", value:"https://support.hp.com/us-en/document/c06921908");
  script_set_attribute(attribute:"solution", value:
"Upgrade to HP Device Manager version 4.7 SP 13 or 5.0.4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6926");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/09/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/09/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:hp:device_manager");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("hp_device_manager.nbin");
  script_require_keys("installed_sw/HP Device Manager");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'HP Device Manager', win_local:TRUE);

var constraints = [
  # 4.7.3630.35564 is the 4.7 SP12 (vuln) gateway version
  # 5.0.3630.38524 is the 5.0.4 (patched) gateway version
  { 'min_version':'4.0.0', 'max_version':'4.7.3630.35564', 'fixed_display':'4.7 SP13' },
  { 'min_version':'5.0.0', 'fixed_version':'5.0.3630.38524', 'fixed_display':'5.0.3630.38524 (5.0.4)' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
hpdevice_managerx-cpe:/a:hp:device_manager

Related

attackerkb 1
hp 1
rapid7blog 1
nessus 1
cve 3
attackerkb
attackerkb
Multiple vulnerabilities in HP Device Manager
2020-10-06 00:00:00
hp
hp
HPSBHF03689 rev. 2 - HP Device Manager Weak Cipher Implementation, Remote Method Invocation, and Elevation of Privilege
2020-09-25 00:00:00
rapid7blog
rapid7blog
HP Device Manager Cavalcade of Critical CVEs (CVE-2020-6925:6927): What You Need to Know
2020-10-02 17:06:15
nessus
nessus
HP Device Manager Unauthenticated 'HPDM Server RMI' SQLi (CVE-2020-6926) (remote)
2020-10-09 00:00:00
cve
cve
CVE-2020-6925
2022-02-25 11:32:11
CVE-2020-6926
2022-02-25 11:32:11
CVE-2020-6927
2022-02-25 11:32:11
JSON
Related for HP_DEVICE_MANAGER_5_0_4.NASL
attackerkb1hp1rapid7blog1nessus1cve3