Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SECURITYCENTER_5_5_2_TNS_2017_13.NASL
HistoryNov 02, 2017 - 12:00 a.m.

Tenable SecurityCenter 5.5.0 <= 5.5.2 SQLi (TNS-2017-13)

2017-11-0200:00:00
This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.0%

JSON

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is affected by a SQL injection flaw.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#TRUSTED 61a62e5a175c29ae6bb19da21b39daea05200a06ffbcebb5478ce91177ff5ad75e5f88a21755f48db6b19f9d0893fd65578d10543316f52a9c04fd3a578211c5cdefb250702c7330159fd0dfd724ea0e2312dc554c5cad859ae8d5da0cc91b81db14293bbb25b32a5d7ee5d550fb58921b9fb1f7d82ff1d18f83ab9dad4512c9e8a116fa69a08f9f2262cb427c720f30c7cb7770585b2407ebf55b0121cdaf76d075d62253e92b70adcf1934b02a09c1d886ba4f75efdb3ba272aec77af4cb15338cfd131b10fb904532a7d1634619f6cf413cf45c76db8349e748bc99a9838f802076d8ebd6a620e861200849269be4e5b3df51b44e54b0736f920f4f441935816eb116bec5056f95231cbc14d537624ffbc617217b265566d2eed9db0948077d03a93bbf7b628966524d2fae42ff74f283a3670d8c872a209fb372db9af1af377eb8bfd0eb85c8e2f4f3f8fc17087632a1382646480d9c3076ec938e4e025b2cfed686e65544fac522320cc7eea377f1b3ea847e985cad0ae636f2e6046cf62dc656ff2d6d103ff0964d4c6385e2db2ad3a1e38549ed95f6dad7fd4b8f036eb4a0d015aad7381a0cbdd7c907f8b3b109fd510c2dcb9773230f918b015aac124b4108f3f29158d5330931bb3f51eed8270643d55195d0dd3d0b384acf556b998f3c1be8c19adda63e8297e062567c186436986498250662401ca9356f7b8c59
#TRUST-RSA-SHA256 99d696ffa5a520ced594717a107dfebbbf01a71252917d66e2377d45346827116c12972c9dc83591ec36ed9d39113661eef16c906439329fc3f106496c601e9ea12b4dadc628bdf5b0c4b4882c8313528cd193a5c64c1bbca2e1ff2f165a6a054ed35ce8ccecb99c150f6fd8cd44f55cefe4975d51e572ccf85a59a0066f4e3dcbf65be425cfc76810cb0795f86a62671a797ef93aee78d375ff5199c4dbed2ccd89a78c7c247f86edf75eb36f2c47bdc50892d52677b021615d4d1b19374f0944307f9432a8a79117b90ecc1fd383964a35757ee60fe783c1a4ce4a39e2eb97b82b41d7a513eaf9d2185690ae5b3474481038fda7683e025a3633d5def8c4e655f6302906ee59b7d44a358bd9e9fbb6323c8ca3e303df8f88475fbd9862bb5aa7c021df1622af4ee3460e146385b157268bb3f3af903cbab4695f4ff699c6611ee4c2b821636bd62e1374aa778c728b8920ed653d58ef88e1c932481c5ab255e58a7e7e33fbbdd8514158ce5668e9817ce21b6c3186a2cb8474a35262925221711b7d218ae2e504e10f92b8550082434e6f547f327c77f81e99b9adb79860a4e0babeb19422bf6e06e1323c743806c226c632594a36157fa552c0a5a6315a6de779a8609e7e594f6d6f1f3a890dce590e3933c7abd00fb044e384ead1d9c092a91bfef5cec614a4a4d26aa394d5aabaebbdc731d35357ba81b4154fe1d2d8f1
#
# (C) Tenable Network Security, Inc.


include("compat.inc");

if (description)
{
  script_id(104361);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");

  script_cve_id("CVE-2017-11508");

  script_name(english:"Tenable SecurityCenter 5.5.0 <= 5.5.2 SQLi (TNS-2017-13)");
  script_summary(english:"Checks the SecurityCenter version.");

  script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote host is affected by 
a SQL injection flaw.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Tenable SecurityCenter
application installed on the remote host is affected by a SQL 
injection flaw.

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/tns-2017-13");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch referenced in the vendor advisory or 
upgrade to Tenable SecurityCenter version 5.6.0 or later.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-11508");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/11/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/02");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tenable:securitycenter");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("securitycenter_installed.nbin", "securitycenter_detect.nbin");
  script_require_ports("Host/SecurityCenter/Version", "installed_sw/SecurityCenter");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("ssh_func.inc");
include("telnet_func.inc");
include("hostlevel_funcs.inc");
include("install_func.inc");


enable_ssh_wrappers();

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/SecurityCenter/Version");
port = 0;
if(empty_or_null(version))
{
  port = 443;
  install = get_single_install(app_name:"SecurityCenter", combined:TRUE, exit_if_unknown_ver:TRUE);
  version = install["version"];
}
vuln = FALSE;

# Affects versions 5.5.0 - 5.5.2
if (version =~ "^5\.5\.[0-2]$")
{
    # Establish running of local commands
    if ( islocalhost() )
    {
      if ( ! defined_func("pread") ) audit(AUDIT_NOT_DETECT, "pread");
        info_t = INFO_LOCAL;
    }
    else
    {
      sock_g = ssh_open_connection();
      if (! sock_g) audit(AUDIT_HOST_NOT, "able to connect via the provided SSH credentials.");
        info_t = INFO_SSH;
    }

    # Check scan.php file if it contains the patched lines
    res = info_send_cmd(cmd:"cat /opt/sc/src/tools/scan.php");
    if (info_t == INFO_SSH) ssh_close_connection();
    if (! res || 'setStatus(SCAN_PREPARING);' >!< res) exit(1, "The command 'cat /opt/sc/src/tools/scan.php' failed.");
    if ('$stmt->execute($sqlParams[$sqlIndex]);' >!< res)
    {
      vuln = TRUE;
      fix = "Apply the patch referenced in the TNS-2017-13 advisory or upgrade to version 5.6.0 or later.";
    }
}

if (vuln)
{
    report =
          '\n  Installed version  : ' + version +
              '\n  Fixed version      : ' + fix + '\n';
      security_report_v4(port:port, extra:report, severity:SECURITY_WARNING, sqli:TRUE);
}
else audit(AUDIT_INST_VER_NOT_VULN, 'SecurityCenter', version);
VendorProductVersionCPE
tenablesecuritycentercpe:/a:tenable:securitycenter

Related

cve 1
cvelist 1
prion 1
tenable 1
nvd 1
cve
cve
CVE-2017-11508
2017-11-02 17:29:00
cvelist
cvelist
CVE-2017-11508
2017-11-01 00:00:00
prion
prion
Sql injection
2017-11-02 17:29:00
tenable
tenable
[R1] SecurityCenter 5.6.0 Fixes One Vulnerability
2017-11-01 20:46:53
nvd
nvd
CVE-2017-11508
2017-11-02 17:29:00

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.0%

JSON
Related for SECURITYCENTER_5_5_2_TNS_2017_13.NASL
cve1cvelist1prion1tenable1nvd1