nessusThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS15-017.NASL
HistoryFeb 10, 2015 - 12:00 a.m.

MS15-017: Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898)

2015-02-10 00:00:00
This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

20.0%

The remote Windows host is running a version of Microsoft System Center Virtual Machine Manager that is affected by a privilege escalation vulnerability due to improper validation of user roles. An attacker with valid Active Directory logon credentials can exploit this vulnerability to gain administrative privileges.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration branch: when `description` is set the script only declares its
# metadata and leaves through exit(0) at the end of this block, so none of the
# checks further down the file run in that mode.
if (description)
{
  # Plugin identity and revision.
  script_id(81270);
  script_version("1.8");
  script_cvs_date("Date: 2019/11/25");

  # Cross-references: one CVE, one Bugtraq id, the Microsoft bulletin, two KB
  # articles and an IAVA notice.
  script_cve_id("CVE-2015-0012");
  script_bugtraq_id(72473);
  script_xref(name:"MSFT", value:"MS15-017");
  script_xref(name:"MSKB", value:"3023195");
  script_xref(name:"MSKB", value:"3023914");
  script_xref(name:"IAVA", value:"2015-A-0036");

  # The summary states the detection method: a file-version check on
  # VirtualMachineViewer.exe, not a probe of the flaw itself.
  script_name(english:"MS15-017: Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898)");
  script_summary(english:"Checks version of VirtualMachineViewer.exe.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a privilege escalation vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is running a version of Microsoft System
Center Virtual Machine Manager that is affected by privilege
escalation vulnerability due to improper validation of user roles. An
attacker with valid Active Directory logon credentials can exploit
this vulnerability to gain administrative privileges.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-017");
  # NOTE(review): the solution text names only the 2012 R2 release.
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a patch for Microsoft System Center Virtual
Machine Manager 2012 R2.");
  # CVSS v2 base vector: local access, medium complexity, no authentication,
  # complete impact on confidentiality, integrity and availability.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  # CVSS v2 temporal vector: exploitability unproven, official fix available,
  # report confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-0012");

  # Exploit status as recorded by the plugin author; it reflects what was known
  # when the plugin was last revised, not the current state.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # Disclosure, patch and plugin release all carry the same date.
  script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/02/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/10");

  # Declared as a "local" plugin; the required ports and KB keys below suggest it
  # relies on authenticated SMB access or patch-management data -- confirm.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:virtual_machine_manager");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  # Registered in the information-gathering category and the Microsoft
  # bulletins family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling prerequisites: three dependency plugins, the KB key that says
  # bulletin checks are possible, and the SMB ports (139/445) or the
  # patch-management key.
  # presumably microsoft_scvmm_installed.nbin records the install that the check
  # code reads with get_single_install() -- confirm.
  script_dependencies("microsoft_scvmm_installed.nbin", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  # Stop here: registration mode never reaches the detection logic.
  exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");
include("install_func.inc");

# Detection flow for MS15-017: confirm bulletin checks are possible, locate the
# Virtual Machine Manager install, skip builds below the version gate, then
# compare the on-disk version of VirtualMachineViewer.exe with the fixed build.
# The verdict rests on file versions only; the flaw itself is never exercised.

# Stop unless bulletin checks are possible on this host.
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS15-017';
kbs = make_list(3023195, 3023914);

# When patch-management data is present, the bulletin and both KB ids are handed
# to hotfix_check_3rd_party().
# presumably that helper reports and exits by itself -- confirm in smb_hotfixes.inc.
if (get_kb_item("Host/patch_management_checks"))
{
  hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);
}

# The file check needs an enumerated registry and a known Windows version.
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

app_name = 'Microsoft System Center Virtual Machine Manager';
get_install_count(app_name:app_name, exit_if_zero:TRUE);
install = get_single_install(app_name:app_name);

path = install['path'];
version = install['version'];

# Version gate: installs older than 3.2.7768.0 are audited as not vulnerable,
# because this update applies to 2012 R2 U4 and above.
if (ver_compare(ver:version, fix:'3.2.7768.0', strict:FALSE) == -1)
{
  audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);
}

bin_path = hotfix_append_path(path:path, value:"bin");
vuln = FALSE;

# The same file is compared against the same fixed version once per KB id, and
# the loop stops at the first HCF_OLDER result.
# NOTE(review): the two checks differ only in the kb argument, so the second KB
# is only tried when the first check did not return HCF_OLDER; it looks like
# KB 3023195 is never attributed on an outdated host -- confirm which KB should
# be reported for which component.
foreach kb_id (make_list('3023914', '3023195'))
{
  if (hotfix_check_fversion(file:"VirtualMachineViewer.exe", version:"3.2.7895.0", path:bin_path, bulletin:bulletin, kb:kb_id, product:app_name+" 2012 R2") == HCF_OLDER)
  {
    vuln = TRUE;
    break;
  }
}

if (!vuln)
{
  # Nothing outdated was found: finish the file checks and audit the host as
  # not affected.
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, "affected");
}
else
{
  # Record the missing bulletin in the KB and report the finding before
  # finishing the file checks.
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_warning();
  hotfix_check_fversion_end();
  exit(0);
}
