Tenable SecurityCenter 5.0.2 Audit File XSS (TNS-2015-12)

2016-03-16T00:00:00
ID SECURITYCENTER_5_2_0_AUDIT_XSS.NASL
Type nessus
Reporter Tenable
Modified 2018-08-13T00:00:00

Description

According to its version, the Tenable SecurityCenter application installed on the remote host is affected by a cross-site scripting (XSS) vulnerability due to improper validation of uploaded .audit files before they are rendered on the scan results page. An authenticated, remote attacker can exploit this, via a crafted .audit file that is later viewed by an administrator, to execute arbitrary script code in that user's browser session.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

                                        
                                            #TRUSTED 7281e8e3cf19d44190b798d9e8a37884a8f218464b64e02b760d793c8bf90ab27cea3f24b924013636dda262c3a7a9193f52d14b6baf00fcb6618f3a386647fe2884a66743dee98c3cd9e69fa2b1752f3042e63e798801fc2daf603a5791b7378c14cc4aad8136fe586f6243af566d2cb6fa9c7c4cb5672ecad125c544b6b044eb277c015c01904829ddd7c25db709dbb22cb6a20a4d0993fcc63c7cda8f2617137debf99443d9f598a85de860d796e611dbb50d0f508d41d173f651243927dd5936092d1ad56cf6400d422c832ef482f61834578726c77c5addf501ae99387c2aedd60107cad39babc35630c259e6754eedc3d4145c26c2d2942d1d1b0152f5175d18b7bc655e6d0374fccb7c4a33a2261df6eba9ceac3f44252ea17fd74332effc1775dba5ffa3514ec8d7a327bfe0e7560d11969fd3d7502bae5db96f2c2ea0dc50444a818836a460ca7a25f6e20505c93c88da0f3526fcfb986075e1a8a9a3701689c8c8f2b9c985c953336dbbf4780843b8b3bd98a5881c6569e781f08e0537b6b0d34921662a6b7c46f086051b800a3d5237b8f8c9b2cc720be1a898c6ad357eed0d468bddc42ca8153fa800ef76bf2fd3906d5bc26e6ff05afec7b0a4c213fc1fbc285fa16be7330db13185da3896a6a65899e332cc4744346a1f388bad508e2db0a1a61ac1c6167de4399629c6238e32431749ec58751116cbb8a4c1
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration block: when `description` is set, the script only declares its
# metadata (IDs, texts, scoring, dependencies) and then exits via exit(0)
# below; the version check further down the file is not reached in that mode.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(89963);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/08/13");

  # CVE tracked by this check.
  script_cve_id("CVE-2015-8503");

  script_name(english:"Tenable SecurityCenter 5.0.2 Audit File XSS (TNS-2015-12)");
  script_summary(english:"Checks the SecurityCenter version.");

  # Report texts. The description states the finding is based only on the
  # self-reported version; the issue itself is not tested.
  script_set_attribute(attribute:"synopsis", value:
"The application installed on the remote host is affected by a
cross-site scripting vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its version, the Tenable SecurityCenter application
installed on the remote host is affected by a cross-site scripting
(XSS) vulnerability due to improper validation of uploaded .audit
files before they are rendered on the scan results page. An
authenticated, remote attacker can exploit this, via a crafted .audit
file that is later viewed by an administrator, to execute arbitrary
code in the user's browser session.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"http://www.tenable.com/security/tns-2015-12");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Tenable SecurityCenter version 5.2.0.");
  # Scoring. v2: network vector, low complexity, single authentication,
  # partial integrity impact only. v3: low privileges, user interaction
  # required, changed scope, low integrity impact. Both match the description:
  # an authenticated uploader plus an administrator who views the result.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N");

  # NOTE(review): as written, patch_publication_date (2015/12/16) is earlier
  # than vuln_publication_date (2015/12/21) - confirm against the advisory.
  script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/12/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/16");

  # Declared as a "local" check. Presumably this is because the version comes
  # from the KB rather than from a network probe - TODO confirm.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tenable:securitycenter");
  script_end_attributes();

  # Declared as an information-gathering script (ACT_GATHER_INFO).
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");

  # Requires the KB key Host/SecurityCenter/Version, which the check below
  # reads. Presumably securitycenter_installed.nbin populates it - verify.
  script_dependencies("securitycenter_installed.nbin");
  script_require_keys("Host/SecurityCenter/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

# Version-only detection: the installed SecurityCenter version is read from
# the KB and compared as a string. Nothing is sent to the application to
# confirm the XSS, so the result is only as reliable as the stored version.
# (get_kb_item_or_exit presumably ends the script when the key is absent.)
sc_version = get_kb_item_or_exit("Host/SecurityCenter/Version");

# Only the exact string "5.0.2" is treated as affected.
# NOTE(review): a version reported in any other form (an extra suffix, or a
# release between 5.0.2 and the 5.2.0 fix) takes the not-vulnerable audit
# path - confirm the affected range against TNS-2015-12.
if (sc_version != "5.0.2")
  audit(AUDIT_INST_VER_NOT_VULN, 'SecurityCenter', sc_version);
else
{
  # Record the XSS flag in the KB under port 0, the same port the report uses.
  set_kb_item(name:'www/0/XSS', value:TRUE);

  # The report shows the installed version next to the fixed release.
  report_text = report_items_str(
    report_items:make_array(
      "Installed version", sc_version,
      "Fixed version", "5.2.0"
    )
  );
  security_report_v4(severity:SECURITY_WARNING, port:0, extra:report_text);
}