Lucene search
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.IBM_SPP_CVE-2020-15778.NASLHistoryJun 30, 2021 - 12:00 a.m.
IBM Spectrum Protect Plus OpenSSH Remote Command Injection
2021-06-3000:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
153
8.2 High
AI Score
Confidence
High
The IBM Spectrum Protect Plus running on the remote host is affected by a remote command injection vulnerability due to improper input validation in the remote function in scp.c. An unauthenticated, remote attacker can exploit this, by using backtick characters in the destination argument, to execute arbitrary commands on the system.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(151155);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/12");
script_cve_id("CVE-2020-15778");
script_name(english:"IBM Spectrum Protect Plus OpenSSH Remote Command Injection");
script_set_attribute(attribute:"synopsis", value:
"A web application running on the remote host is affected by a
remote command injection vulnerability.");
script_set_attribute(attribute:"description", value:
"The IBM Spectrum Protect Plus running on the remote host is affected by a remote command injection vulnerability due
to improper input validation in the remote function in scp.c. An unauthenticated, remote attacker can exploit this, by
using backtick characters in the destination argument, to execute arbitrary commands on the system.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/pages/node/6255652");
script_set_attribute(attribute:"solution", value:
"Upgrade The IBM Spectrum Protect Plus to 10.1.6 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-15778");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/08/03");
script_set_attribute(attribute:"patch_publication_date", value:"2020/08/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/06/30");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:spectrum_protect_plus");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ibm_spp_webui_detect.nbin");
script_require_keys("installed_sw/IBM Spectrum Protect Plus Web UI");
script_require_ports("Services/www", 443);
exit(0);
}
include('http.inc');
include('vcf.inc');
var app_name = 'IBM Spectrum Protect Plus Web UI';
var port = get_http_port(default:443);
var app = vcf::get_app_info(app:app_name, port:port, webapp:TRUE);
#we add additional .0 for the build number
var constraints = [
{'min_version' : '10.1.0.0', 'fixed_version' : '10.1.6.0', 'fixed_display' : '10.1.6'}
];
vcf::check_version_and_report(app_info:app, constraints:constraints, severity:SECURITY_WARNING);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | spectrum_protect_plus | cpe:/a:ibm:spectrum_protect_plus |
Related
nessus
nessus
EulerOS Virtualization for ARM 64 3.0.6.0 : openssh (EulerOS-SA-2021-2018)
2021-06-30 00:00:00
EulerOS 2.0 SP8 : openssh (EulerOS-SA-2021-1993)
2021-06-28 00:00:00
EulerOS Virtualization for ARM 64 3.0.2.0 : openssh (EulerOS-SA-2021-2097)
2021-07-02 00:00:00
ibm
ibm
cbl_mariner
cbl_mariner
CVE-2020-15778 affecting package openssh 8.0p1-13
2020-11-30 19:30:42
cve
cve
CVE-2020-15778
2020-07-24 14:15:00
CVE-2023-38336
2023-07-14 22:15:09
openvas
openvas
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2021-2018)
2021-07-01 00:00:00
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2021-1993)
2021-06-29 00:00:00
OpenBSD OpenSSH <= 8.6 Command Injection Vulnerability
2020-08-03 00:00:00
gentoo
gentoo
OpenSSH: Multiple Vulnerabilities
2022-12-28 00:00:00
redhatcve
redhatcve
CVE-2020-15778
2020-07-24 18:37:46
ubuntucve
ubuntucve
CVE-2020-15778
2020-07-24 00:00:00
CVE-2023-38336
2023-07-14 00:00:00
f5
f5
K04305530 : SCP vulnerability CVE-2020-15778
2020-09-23 00:00:00
githubexploit
githubexploit
Exploit for OS Command Injection in Openbsd Openssh
2021-07-15 01:04:24
Exploit for OS Command Injection in Openbsd Openssh
2020-07-18 05:15:05
alpinelinux
alpinelinux
CVE-2020-15778
2020-07-24 14:15:00
prion
prion
Command injection
2020-07-24 14:15:00
Command injection
2023-07-14 22:15:00
debiancve
debiancve
CVE-2020-15778
2020-07-24 14:15:00
CVE-2023-38336
2023-07-14 22:15:09
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
avleonov
avleonov