Tenable SecurityCenter 5.0.2 Audit File XSS (TNS-2015-12)

2016-03-16T00:00:00
ID SECURITYCENTER_5_2_0_AUDIT_XSS.NASL
Type nessus
Reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-01-02T00:00:00

Description

According to its version, the Tenable SecurityCenter application installed on the remote host is affected by a cross-site scripting (XSS) vulnerability due to improper validation of uploaded .audit files before they are rendered on the scan results page. An authenticated, remote attacker can exploit this, via a crafted .audit file that is later viewed by an administrator, to execute arbitrary code in the user's browser session.

                                        
                                            #TRUSTED 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
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Plugin registration block. When the description variable is set, this branch
# registers the plugin metadata (ID, CVE, text, CVSS vectors, dependencies) and
# then leaves through exit(0), so the version check further down the file does
# not execute in this branch.
if (description)
{
  # Plugin identity and revision information.
  script_id(89963);
  script_version("1.14");
  script_cvs_date("Date: 2019/11/19");

  script_cve_id("CVE-2015-8503");

  script_name(english:"Tenable SecurityCenter 5.0.2 Audit File XSS (TNS-2015-12)");
  script_summary(english:"Checks the SecurityCenter version.");

  script_set_attribute(attribute:"synopsis", value:
"The application installed on the remote host is affected by a
cross-site scripting vulnerability.");
  # The description text names the trigger (an authenticated user uploads a
  # crafted .audit file, which is later rendered for an administrator on the
  # scan results page) and states that the plugin relies only on the
  # self-reported version. The finding is therefore only as reliable as that
  # version string; the flaw itself is never exercised.
  script_set_attribute(attribute:"description", value:
"According to its version, the Tenable SecurityCenter application
installed on the remote host is affected by a cross-site scripting
(XSS) vulnerability due to improper validation of uploaded .audit
files before they are rendered on the scan results page. An
authenticated, remote attacker can exploit this, via a crafted .audit
file that is later viewed by an administrator, to execute arbitrary
code in the user's browser session.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/tns-2015-12");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Tenable SecurityCenter version 5.2.0.");
  # CVSS v2 base: network vector, low complexity, single authentication,
  # partial integrity impact, no confidentiality or availability impact.
  # Temporal: unproven exploit (E:U), official fix (RL:OF), confirmed (RC:C).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  # CVSS v3.0 base: low privileges required (PR:L), user interaction required
  # (UI:R), scope changed (S:C), low integrity impact. This matches the
  # description: the uploader needs an account and an administrator has to
  # view the uploaded file.
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-8503");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  # NOTE(review): the patch date (2015/12/16) is earlier than the listed
  # vulnerability publication date (2015/12/21).
  script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/12/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/16");

  # NOTE(review): plugin_type is local, while the runtime section can also take
  # the version from an install lookup that it reports on port 443 - confirm
  # that the type is intended.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tenable:securitycenter");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Detection plugins declared as prerequisites; presumably they populate the
  # KB entries that the runtime section reads - confirm.
  script_dependencies("securitycenter_installed.nbin", "securitycenter_detect.nbin");
  # KB key names, not numeric ports, are listed here. NOTE(review): presumably
  # this lets either detection source be sufficient for the plugin to run -
  # confirm against the scanner documentation.
  script_require_ports("Host/SecurityCenter/Version", "installed_sw/SecurityCenter");

  # End of the registration pass; nothing below runs in this branch.
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

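# Version check for TNS-2015-12 / CVE-2015-8503. No request is sent to the
# application: the result depends entirely on the version string that an
# earlier detection plugin stored.
#
# NOTE(review): the file opens with a #TRUSTED line, presumably a signature
# over the script text; a modified copy would then need re-signing - confirm.

# Source 1: the Host/SecurityCenter/Version KB item. Findings based on it are
# reported on port 0.
version = get_kb_item("Host/SecurityCenter/Version");
port = 0;
if (empty_or_null(version))
{
  # Source 2: the install registry. exit_if_unknown_ver:TRUE is passed so the
  # lookup does not return an install without a usable version.
  # NOTE(review): port 443 is assumed for this path; if the install record
  # carries its own port, reporting on that would be more accurate - confirm.
  port = 443;
  install = get_single_install(app_name:"SecurityCenter", combined:TRUE, exit_if_unknown_ver:TRUE);
  version = install["version"];
}

# Only the exact string 5.0.2 is flagged. Every other version, including any
# release between 5.0.2 and the fixed 5.2.0, takes the audit path below and is
# reported as not vulnerable; check the advisory if other builds are in scope.
if (version == "5.0.2")
{
  # Key the XSS flag to the port the finding is reported on. The original
  # always wrote www/0/XSS, so a finding reported on port 443 left the flag on
  # a different port than the report. With port 0 the key is unchanged.
  set_kb_item(name:'www/' + port + '/XSS', value:TRUE);

  report_items = make_array(
    "Installed version", version,
    "Fixed version", "5.2.0"
  );
  report = report_items_str(report_items:report_items);
  security_report_v4(severity:SECURITY_WARNING, port:port, extra:report);
}
else audit(AUDIT_INST_VER_NOT_VULN, 'SecurityCenter', version);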