Intel Dynamic Tuning Technology Software Privilege Escalation (INTEL-SA-00984)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(197406);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/20");

  script_cve_id("CVE-2024-21813");
  script_xref(name:"IAVA", value:"2024-A-0293");

  script_name(english:"Intel Dynamic Tuning Technology Software Privilege Escalation (INTEL-SA-00984)");

  script_set_attribute(attribute:"synopsis", value:
"Intel Dynamic Tuning Technology (DTT) software on the remote host is affected by a privilege escalation vulnerability.");
  script_set_attribute(attribute:"description", value:
"Improper access control in the Intel DTT Software before version 8.7.10802.26924 may allow an authenticated user to 
potentially enable escalation of privilege via local access.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00984.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a73752d0");
  # https://www.dell.com/support/kbdoc/en-us/000222722/dsa-2024-111-security-update-for-dell-client-platform-for-intel-dtt-software-installer-advisory
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?efef69b7");
  script_set_attribute(attribute:"solution", value:
"Update the Intel DTT Software to the latest version provided by the system manufacturer that addresses these issues.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-21813");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/05/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/05/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:intel:dynamic_tuning_technology");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("intel_dtt_detect.nbin");
  script_require_keys("installed_sw/Intel Dynamic Tuning Technology", "BIOS/Manufacturer", "BIOS/Model");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

var app_info = vcf::get_app_info(app:'Intel Dynamic Tuning Technology');

vcf::check_granularity(app_info:app_info, sig_segments:4);

var fix_ver = '8.7.10802.26924';

var affected_dell_models = [
'Alienware Area 51m R2',
'Alienware m15 R3',
'Alienware m17 R3',
'Dell G3 3500',
'Dell G5 5000',
'Dell G5 5500',
'Dell G7 7500',
'Dell G7 7700',
'Inspiron 3501',
'Inspiron 3593',
'Inspiron 3793',
'Inspiron 5301',
'Inspiron 5402',
'Inspiron 5406 2-in-1',
'Inspiron 5409',
'Inspiron 5493',
'Inspiron 5502',
'Inspiron 5509',
'Inspiron 5593',
'Inspiron 7300',
'Inspiron 7306 2-in-1',
'Inspiron 7400',
'Inspiron 7490',
'Inspiron 7500',
'Inspiron 7501',
'Inspiron 7506 2-in-1',
'Inspiron 7706 2-in-1',
'Latitude 3310',
'Latitude 3310 2-In-1',
'Latitude 3410',
'Latitude 3510',
'Latitude 5400',
'Latitude 5410',
'Latitude 5411',
'Latitude 5500',
'Latitude 5510',
'Latitude 5511',
'Latitude 7210 2-in-1',
'Latitude 7220 Rugged Extreme',
'Latitude 7310',
'Latitude 7410',
'Latitude 9410',
'Latitude 9510 2in1',
'Latitude Rugged 7220EX',
'Precision 3540',
'Precision 3550',
'Precision 3551',
'Precision 5550',
'Precision 5750',
'Precision 7550',
'Precision 7750',
'Vostro 3400',
'Vostro 3401',
'Vostro 3500',
'Vostro 3501',
'Vostro 3590',
'Vostro 5301',
'Vostro 5402',
'Vostro 5502',
'Vostro 7500',
'XPS 13 7390',
'XPS 13 7390 2-in-1',
'XPS 13 9300',
'XPS 13 9310',
'XPS 13 9310 2-in-1',
'XPS 15 9500',
'XPS 17 9700'
];

# special check to ignore unaffected dell models
# https://www.dell.com/support/kbdoc/en-us/000216232/dsa-2023-179-security-update-for-an-intel-product-update-2023-3-dtt-software-advisory
var bios_manufacturer = get_kb_item_or_exit('BIOS/Manufacturer');
var dell_model = get_kb_item_or_exit('BIOS/Model');

# Including data so we can identify if it's a non issue of if it is a Lenovo model,
# When in 3 months Lenovo actually gives us versions so we can add them here.
if (bios_manufacturer !~ "^[Dd]ell [Ii]nc")
  audit(AUDIT_DEVICE_NOT_VULN, bios_manufacturer + " " + dell_model);

if (bios_manufacturer =~ "^[Dd]ell [Ii]nc" &&
  !collib::contains(affected_dell_models, dell_model))
  audit(AUDIT_DEVICE_NOT_VULN, dell_model);

var constraints = [
  { 'min_version' : '0', 'fixed_version' : fix_ver, 'fixed_display' : 'See vendor advisory'}
];

vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_WARNING
);