Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ILO_SSO_UNAUTH_ACCESS.NASL
HistorySep 03, 2013 - 12:00 a.m.

iLO 3 < 1.57 / iLO 4 < 1.22 Unspecified Arbitrary Code Execution

2013-09-0300:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
100
JSON

According to its version number and single sign-on settings, the remote HP Integrated Lights-Out (iLO) server is affected by an arbitrary code execution vulnerability in its web interface.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(69554);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2013-2338");
  script_bugtraq_id(60480);

  script_name(english:"iLO 3 < 1.57 / iLO 4 < 1.22 Unspecified Arbitrary Code Execution");
  script_summary(english:"Checks version of HP Integrated Lights-Out (iLO) and whether SSO is enabled.");

  script_set_attribute(attribute:"synopsis", value:
"The remote HP Integrated Lights-Out (iLO) server's web interface is
affected by a remote code execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its version number and single sign-on settings, the
remote HP Integrated Lights-Out (iLO) server is affected by an
arbitrary code execution vulnerability in its web interface.");
  # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03787836-3
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?69c1ba3e");
  script_set_attribute(attribute:"solution", value:
"For HP Integrated Lights-Out (iLO) 3, disable single sign-on or
upgrade firmware to 1.57 or later. For iLO 4, disable single sign-on
or upgrade firmware to 1.22 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2338");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/06/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/03");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:integrated_lights-out_3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:integrated_lights-out_4_firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ilo_detect.nasl");
  script_require_keys("Settings/ParanoidReport", "www/ilo", "ilo/generation", "ilo/firmware");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("http.inc");
include("misc_func.inc");
include("webapp_func.inc");

if (report_paranoia < 2)
  audit(AUDIT_PARANOID);

# Each generation has its own series of firmware version numbers.
generation = get_kb_item_or_exit("ilo/generation");

# The version is tied to the firmware and not specific to the web interface.
version = get_kb_item_or_exit("ilo/firmware");

port = get_http_port(default:80, embedded:TRUE);

install = get_install_from_kb(
  appname      : "ilo",
  port         : port,
  exit_on_fail : TRUE
);
install_url = build_url(port:port, qs:install["dir"]);

# The vulnerability exists in the single sign-on feature.
get_kb_item_or_exit("www/ilo/" + port + "/sso_enabled");

# Firmware is unique to the generation of iLO.
if (generation == 3)
  fixed_version = "1.57";
else if (generation == 4)
  fixed_version = "1.22";
else
  audit(AUDIT_WEB_APP_NOT_AFFECTED, "iLO " + generation, install_url, version);

if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) >= 0)
  audit(AUDIT_WEB_APP_NOT_AFFECTED, "iLO " + generation, install_url, version);

report = NULL;
if (report_verbosity > 0)
{
  report =
    '\n URL              : ' + install_url +
    '\n Generation       : ' + generation +
    '\n Firmware version : ' + version +
    '\n Fixed version    : ' + fixed_version +
    '\n';
}

security_hole(port:port, extra:report);
VendorProductVersionCPE
hpintegrated_lights-out_3_firmwarecpe:/o:hp:integrated_lights-out_3_firmware
hpintegrated_lights-out_4_firmwarecpe:/o:hp:integrated_lights-out_4_firmware

Related

prion 1
securityvulns 2
openvas 1
cve 1
cvelist 1
prion
prion
Code injection
2013-06-14 19:55:00
securityvulns
securityvulns
[security bulletin] HPSBHF02885 rev.1 - HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On &#40;SSO&#41;, Remote Unauthorized Access
2013-06-17 00:00:00
HP Integrated Lights-Out unauthorized access
2013-06-17 00:00:00
openvas
openvas
HP Integrated Lights-Out (iLO) Remote Unauthorized Access Vulnerability
2013-09-10 00:00:00
cve
cve
CVE-2013-2338
2013-06-14 19:55:00
cvelist
cvelist
CVE-2013-2338
2022-10-03 16:15:00
JSON
Related for ILO_SSO_UNAUTH_ACCESS.NASL
prion1securityvulns2openvas1cve1cvelist1