NorthGrid Proself XXE (CVE-2023-45727)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(241641);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/07/10");

  script_cve_id("CVE-2023-45727");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2024/12/24");

  script_name(english:"NorthGrid Proself XXE (CVE-2023-45727)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of NorthGrid Proself installed on the remote host is Proself Enterprise/Standard Edition Ver5.62 and 
earlier, Proself Gateway Edition Ver1.65 and earlier, or Proself Mail Sanitize Edition Ver1.08 and earlier. These 
versions allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a 
specially crafted request containing malformed XML data, arbitrary files on the server containing account information 
may be read by the attacker.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.proself.jp/information/153/");
  script_set_attribute(attribute:"see_also", value:"https://jvn.jp/en/jp/JVN95981460/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to NorthGrid Proself Enterprise/Standard edition version 5.63 or later, Proself Gateway Edition version 1.66
or later, and Proself Mail Sanitize Edition version 1.09 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-45727");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/10/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/10/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/07/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:northgrid:proself");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("northgrid_proself_win_installed.nbin", "northgrid_proself_linux_installed.nbin");
  script_require_keys("installed_sw/NorthGrid Proself");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'checks': [
    {
      'product': {'name': 'NorthGrid Proself', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {
          'requires': [{'scope': 'install', 'match_one': {'sw_edition': ['Enterprise', 'Standard']}}],
          'fixed_version':'5.63'
        },
        {
          'requires': [{'scope': 'install', 'match': {'sw_edition': 'Gateway'}}],
          'fixed_version':'1.66'
        },
        {
          'requires': [{'scope': 'install', 'match': {'sw_edition': 'MailSanitize'}}],
          'fixed_version':'1.09'
        }
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:result);