Polycom SoundPoint IP Phones reg_1.html SIP Information Disclosure
2011-06-22T00:00:00
ID POLYCOM_SIP_PASSWORD_DISCLOSURE.NASL Type nessus Reporter Tenable Modified 2018-08-08T00:00:00
Description
The remote Polycom SoundPoint IP phone hosts a page, 'reg_1.htm', that discloses the SIP account password for the associated phone line. A remote attacker could use this information to mount further attacks.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(55402);
script_version("1.4");
script_cvs_date("Date: 2018/08/08 12:52:13");
script_bugtraq_id(48316);
script_xref(name:"EDB-ID", value:"17377");
script_xref(name:"Secunia", value:"44835");
script_name(english:"Polycom SoundPoint IP Phones reg_1.html SIP Information Disclosure");
script_summary(english:"Tries to obtain the phone's SIP password.");
script_set_attribute(
attribute:"synopsis",
value:"The remote telephone device discloses sensitive information."
);
script_set_attribute(
attribute:"description",
value:
"The remote Polycom SoundPoint IP phone hosts a page, 'reg_1.htm',
that discloses the SIP account password for the associated phone line.
A remote attacker could use this information to mount further
attacks."
);
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?119851ff"
);
script_set_attribute(
attribute:"solution",
value:"Upgrade the firmware to version 3.2.2 or greater."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/06/09");
script_set_attribute(attribute:"patch_publication_date", value:"2009/12/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/06/22");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
script_dependencies("http_version.nasl");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_ports("Services/www", 80);
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
port = get_http_port(default:80, embedded:TRUE);
banner = get_http_banner(port:port, exit_on_fail:TRUE);
if ("Server: Polycom SoundPoint" >!< banner)
exit(0, "The web server on port "+port+" does not appear to be from a Polycom SoundPoint device.");
res = http_send_recv3(
method : "GET",
item : '/reg_1.htm',
port : port,
exit_on_fail : TRUE
);
sip_password = NULL;
if ('name="reg.1.auth.userId"' >< res[2] && 'name="reg.1.auth.password"' >< res[2])
{
sip_password_pat = '^.*<input value="([^"]+)" type="password" name="reg\\.1\\.auth\\.password\"';
foreach line (split(res[2], keep:FALSE))
{
matches = eregmatch(string:line, pattern:sip_password_pat);
if (matches)
{
sip_password = matches[1];
break;
}
}
}
if (!isnull(sip_password))
{
if (report_verbosity > 0)
{
report = '\n SIP Password : ' + sip_password + '\n';
security_warning(port:port, extra:report);
}
else security_warning(port);
}
else exit(0, "The remote Polycom device is not affected.");
{"id": "POLYCOM_SIP_PASSWORD_DISCLOSURE.NASL", "bulletinFamily": "scanner", "title": "Polycom SoundPoint IP Phones reg_1.html SIP Information Disclosure", "description": "The remote Polycom SoundPoint IP phone hosts a page, 'reg_1.htm', that discloses the SIP account password for the associated phone line. A remote attacker could use this information to mount further attacks.", "published": "2011-06-22T00:00:00", "modified": "2018-08-08T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=55402", "reporter": "Tenable", "references": ["http://www.nessus.org/u?119851ff"], "cvelist": [], "type": "nessus", "lastseen": "2019-02-21T01:15:06", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote Polycom SoundPoint IP phone hosts a page, 'reg_1.htm',\nthat discloses the SIP account password for the associated phone line. \nA remote attacker could use this information to mount further\nattacks.", "edition": 3, "enchantments": {"dependencies": {"modified": "2019-01-16T20:12:17", "references": []}, "score": {"value": 5.0, "vector": "NONE"}}, "hash": "2d52ba9e72ff566dc60bb1fb31150cd865f5ca18b3b40f98682c5e4ddc695153", "hashmap": [{"hash": "362906da5863ade97b152f94db45d79a", "key": "pluginID"}, {"hash": "2ed20fb8a554ba8bfe87ebb023a60534", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "228f4249f6f552c28d42b7d5109c86e6", "key": "title"}, {"hash": "5dbf9674fcdfff6fef3c86f86bc3f092", "key": "references"}, {"hash": "e65243ce60a3f08d5c3e542b74a4fb8e", "key": "href"}, {"hash": "63329048f010c87d85370bb01ea70b93", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "1682a2b9cff21b11a8692b57dc3b27c8", "key": "published"}, {"hash": "4ca458d4139d920bd71689b40e3add60", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=55402", "id": "POLYCOM_SIP_PASSWORD_DISCLOSURE.NASL", "lastseen": "2019-01-16T20:12:17", "modified": "2018-08-08T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "55402", "published": "2011-06-22T00:00:00", "references": ["http://www.nessus.org/u?119851ff"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55402);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/08/08 12:52:13\");\n\n script_bugtraq_id(48316);\n script_xref(name:\"EDB-ID\", value:\"17377\");\n script_xref(name:\"Secunia\", value:\"44835\");\n\n script_name(english:\"Polycom SoundPoint IP Phones reg_1.html SIP Information Disclosure\");\n script_summary(english:\"Tries to obtain the phone's SIP password.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote telephone device discloses sensitive information.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Polycom SoundPoint IP phone hosts a page, 'reg_1.htm',\nthat discloses the SIP account password for the associated phone line. \nA remote attacker could use this information to mount further\nattacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?119851ff\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade the firmware to version 3.2.2 or greater.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:80, embedded:TRUE);\nbanner = get_http_banner(port:port, exit_on_fail:TRUE);\n\nif (\"Server: Polycom SoundPoint\" >!< banner)\n exit(0, \"The web server on port \"+port+\" does not appear to be from a Polycom SoundPoint device.\");\n\nres = http_send_recv3(\n method : \"GET\", \n item : '/reg_1.htm', \n port : port, \n exit_on_fail : TRUE\n);\n\nsip_password = NULL;\nif ('name=\"reg.1.auth.userId\"' >< res[2] && 'name=\"reg.1.auth.password\"' >< res[2])\n{\n sip_password_pat = '^.*<input value=\"([^\"]+)\" type=\"password\" name=\"reg\\\\.1\\\\.auth\\\\.password\\\"';\n\n foreach line (split(res[2], keep:FALSE))\n {\n matches = eregmatch(string:line, pattern:sip_password_pat);\n if (matches) \n {\n sip_password = matches[1];\n break;\n }\n }\n}\n\nif (!isnull(sip_password))\n{\n if (report_verbosity > 0)\n {\n report = '\\n SIP Password : ' + sip_password + '\\n';\n security_warning(port:port, extra:report);\n } \n else security_warning(port);\n}\nelse exit(0, \"The remote Polycom device is not affected.\");\n", "title": "Polycom SoundPoint IP Phones reg_1.html SIP Information Disclosure", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 3, "lastseen": "2019-01-16T20:12:17"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote Polycom SoundPoint IP phone hosts a page, 'reg_1.htm', that discloses the SIP account password for the associated phone line. A remote attacker could use this information to mount further attacks.", "edition": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "bbddcfb8b8712623bf7598199ed6d5a80c1ffd33d07c42820c6a4ff9e269a602", "hashmap": [{"hash": "362906da5863ade97b152f94db45d79a", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "fa3aca0cc2782b4038d11c7d9b58dc76", "key": "sourceData"}, {"hash": "228f4249f6f552c28d42b7d5109c86e6", "key": "title"}, {"hash": "5dbf9674fcdfff6fef3c86f86bc3f092", "key": "references"}, {"hash": "e65243ce60a3f08d5c3e542b74a4fb8e", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "94a483006dcc14813881d4303fbe2a9b", "key": "description"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "1682a2b9cff21b11a8692b57dc3b27c8", "key": "published"}, {"hash": "fd287599197297921faa08e60b62a500", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=55402", "id": "POLYCOM_SIP_PASSWORD_DISCLOSURE.NASL", "lastseen": "2016-09-26T17:26:06", "modified": "2011-10-24T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.2", "pluginID": "55402", "published": "2011-06-22T00:00:00", "references": ["http://www.nessus.org/u?119851ff"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55402);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2011/10/24 19:37:28 $\");\n\n script_bugtraq_id(48316);\n script_osvdb_id(73117);\n script_xref(name:\"EDB-ID\", value:\"17377\");\n script_xref(name:\"Secunia\", value:\"44835\");\n\n script_name(english:\"Polycom SoundPoint IP Phones reg_1.html SIP Information Disclosure\");\n script_summary(english:\"Tries to obtain the phone's SIP password.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote telephone device discloses sensitive information.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Polycom SoundPoint IP phone hosts a page, 'reg_1.htm',\nthat discloses the SIP account password for the associated phone line. \nA remote attacker could use this information to mount further\nattacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?119851ff\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade the firmware to version 3.2.2 or greater.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2011 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:80, embedded:TRUE);\nbanner = get_http_banner(port:port, exit_on_fail:TRUE);\n\nif (\"Server: Polycom SoundPoint\" >!< banner)\n exit(0, \"The web server on port \"+port+\" does not appear to be from a Polycom SoundPoint device.\");\n\nres = http_send_recv3(\n method : \"GET\", \n item : '/reg_1.htm', \n port : port, \n exit_on_fail : TRUE\n);\n\nsip_password = NULL;\nif ('name=\"reg.1.auth.userId\"' >< res[2] && 'name=\"reg.1.auth.password\"' >< res[2])\n{\n sip_password_pat = '^.*<input value=\"([^\"]+)\" type=\"password\" name=\"reg\\\\.1\\\\.auth\\\\.password\\\"';\n\n foreach line (split(res[2], keep:FALSE))\n {\n matches = eregmatch(string:line, pattern:sip_password_pat);\n if (matches) \n {\n sip_password = matches[1];\n break;\n }\n }\n}\n\nif (!isnull(sip_password))\n{\n if (report_verbosity > 0)\n {\n report = '\\n SIP Password : ' + sip_password + '\\n';\n security_warning(port:port, extra:report);\n } \n else security_warning(port);\n}\nelse exit(0, \"The remote Polycom device is not affected.\");\n", "title": "Polycom SoundPoint IP Phones reg_1.html SIP Information Disclosure", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:26:06"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote Polycom SoundPoint IP phone hosts a page, 'reg_1.htm', that discloses the SIP account password for the associated phone line. A remote attacker could use this information to mount further attacks.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "c0365d94c39b61e10e4a50ded05966a9fc8f492617d7ba2687f3748784d09088", "hashmap": [{"hash": "362906da5863ade97b152f94db45d79a", "key": "pluginID"}, {"hash": "2ed20fb8a554ba8bfe87ebb023a60534", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "228f4249f6f552c28d42b7d5109c86e6", "key": "title"}, {"hash": "5dbf9674fcdfff6fef3c86f86bc3f092", "key": "references"}, {"hash": "e65243ce60a3f08d5c3e542b74a4fb8e", "key": "href"}, {"hash": "63329048f010c87d85370bb01ea70b93", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "94a483006dcc14813881d4303fbe2a9b", "key": "description"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "1682a2b9cff21b11a8692b57dc3b27c8", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=55402", "id": "POLYCOM_SIP_PASSWORD_DISCLOSURE.NASL", "lastseen": "2018-08-10T17:28:28", "modified": "2018-08-08T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "55402", "published": "2011-06-22T00:00:00", "references": ["http://www.nessus.org/u?119851ff"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55402);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/08/08 12:52:13\");\n\n script_bugtraq_id(48316);\n script_xref(name:\"EDB-ID\", value:\"17377\");\n script_xref(name:\"Secunia\", value:\"44835\");\n\n script_name(english:\"Polycom SoundPoint IP Phones reg_1.html SIP Information Disclosure\");\n script_summary(english:\"Tries to obtain the phone's SIP password.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote telephone device discloses sensitive information.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Polycom SoundPoint IP phone hosts a page, 'reg_1.htm',\nthat discloses the SIP account password for the associated phone line. \nA remote attacker could use this information to mount further\nattacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?119851ff\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade the firmware to version 3.2.2 or greater.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:80, embedded:TRUE);\nbanner = get_http_banner(port:port, exit_on_fail:TRUE);\n\nif (\"Server: Polycom SoundPoint\" >!< banner)\n exit(0, \"The web server on port \"+port+\" does not appear to be from a Polycom SoundPoint device.\");\n\nres = http_send_recv3(\n method : \"GET\", \n item : '/reg_1.htm', \n port : port, \n exit_on_fail : TRUE\n);\n\nsip_password = NULL;\nif ('name=\"reg.1.auth.userId\"' >< res[2] && 'name=\"reg.1.auth.password\"' >< res[2])\n{\n sip_password_pat = '^.*<input value=\"([^\"]+)\" type=\"password\" name=\"reg\\\\.1\\\\.auth\\\\.password\\\"';\n\n foreach line (split(res[2], keep:FALSE))\n {\n matches = eregmatch(string:line, pattern:sip_password_pat);\n if (matches) \n {\n sip_password = matches[1];\n break;\n }\n }\n}\n\nif (!isnull(sip_password))\n{\n if (report_verbosity > 0)\n {\n report = '\\n SIP Password : ' + sip_password + '\\n';\n security_warning(port:port, extra:report);\n } \n else security_warning(port);\n}\nelse exit(0, \"The remote Polycom device is not affected.\");\n", "title": "Polycom SoundPoint IP Phones reg_1.html SIP Information Disclosure", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 2, "lastseen": "2018-08-10T17:28:28"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "94a483006dcc14813881d4303fbe2a9b"}, {"key": "href", "hash": "e65243ce60a3f08d5c3e542b74a4fb8e"}, {"key": "modified", "hash": "63329048f010c87d85370bb01ea70b93"}, {"key": "naslFamily", "hash": "07948b8ff59e8dda0b01012f70f00327"}, {"key": "pluginID", "hash": "362906da5863ade97b152f94db45d79a"}, {"key": "published", "hash": "1682a2b9cff21b11a8692b57dc3b27c8"}, {"key": "references", "hash": "5dbf9674fcdfff6fef3c86f86bc3f092"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "2ed20fb8a554ba8bfe87ebb023a60534"}, {"key": "title", "hash": "228f4249f6f552c28d42b7d5109c86e6"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "c0365d94c39b61e10e4a50ded05966a9fc8f492617d7ba2687f3748784d09088", "viewCount": 0, "enchantments": {"dependencies": {"references": [], "modified": "2019-02-21T01:15:06"}, "score": {"value": 0.1, "vector": "NONE", "modified": "2019-02-21T01:15:06"}, "vulnersScore": 0.1}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55402);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/08/08 12:52:13\");\n\n script_bugtraq_id(48316);\n script_xref(name:\"EDB-ID\", value:\"17377\");\n script_xref(name:\"Secunia\", value:\"44835\");\n\n script_name(english:\"Polycom SoundPoint IP Phones reg_1.html SIP Information Disclosure\");\n script_summary(english:\"Tries to obtain the phone's SIP password.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote telephone device discloses sensitive information.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Polycom SoundPoint IP phone hosts a page, 'reg_1.htm',\nthat discloses the SIP account password for the associated phone line. \nA remote attacker could use this information to mount further\nattacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?119851ff\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade the firmware to version 3.2.2 or greater.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:80, embedded:TRUE);\nbanner = get_http_banner(port:port, exit_on_fail:TRUE);\n\nif (\"Server: Polycom SoundPoint\" >!< banner)\n exit(0, \"The web server on port \"+port+\" does not appear to be from a Polycom SoundPoint device.\");\n\nres = http_send_recv3(\n method : \"GET\", \n item : '/reg_1.htm', \n port : port, \n exit_on_fail : TRUE\n);\n\nsip_password = NULL;\nif ('name=\"reg.1.auth.userId\"' >< res[2] && 'name=\"reg.1.auth.password\"' >< res[2])\n{\n sip_password_pat = '^.*<input value=\"([^\"]+)\" type=\"password\" name=\"reg\\\\.1\\\\.auth\\\\.password\\\"';\n\n foreach line (split(res[2], keep:FALSE))\n {\n matches = eregmatch(string:line, pattern:sip_password_pat);\n if (matches) \n {\n sip_password = matches[1];\n break;\n }\n }\n}\n\nif (!isnull(sip_password))\n{\n if (report_verbosity > 0)\n {\n report = '\\n SIP Password : ' + sip_password + '\\n';\n security_warning(port:port, extra:report);\n } \n else security_warning(port);\n}\nelse exit(0, \"The remote Polycom device is not affected.\");\n", "naslFamily": "CGI abuses", "pluginID": "55402", "cpe": [], "scheme": null}
