The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(133719);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/06/29");
script_cve_id("CVE-2020-0618");
script_xref(name:"IAVA", value:"2020-A-0074-S");
script_xref(name:"MSKB", value:"4532095");
script_xref(name:"MSKB", value:"4532097");
script_xref(name:"MSKB", value:"4532098");
script_xref(name:"MSKB", value:"4535288");
script_xref(name:"MSKB", value:"4535706");
script_xref(name:"MSFT", value:"MS20-4532095");
script_xref(name:"MSFT", value:"MS20-4532097");
script_xref(name:"MSFT", value:"MS20-4532098");
script_xref(name:"MSFT", value:"MS20-4535288");
script_xref(name:"MSFT", value:"MS20-4535706");
script_xref(name:"CEA-ID", value:"CEA-2020-0018");
script_name(english:"Security Updates for Microsoft SQL Server (February 2020)");
script_set_attribute(attribute:"synopsis", value:
"The Microsoft SQL Server installation on the remote host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The Microsoft SQL Server installation on the remote host is
missing a security update. It is, therefore, affected by the
following vulnerability :
- A remote code execution vulnerability exists in
Microsoft SQL Server Reporting Services when it
incorrectly handles page requests. An attacker who
successfully exploited this vulnerability could execute
code in the context of the Report Server service
account. (CVE-2020-0618)");
# https://support.microsoft.com/en-us/help/4532097/description-of-the-security-update-for-sql-server-2016-sp2-gdr-feb
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ff30ef1b");
# https://support.microsoft.com/en-us/help/4535288/description-of-the-security-update-for-sql-server-2014-sp3-cu4-feb
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8089305a");
# https://support.microsoft.com/en-us/help/4532095/description-of-the-security-update-for-sql-server-2014-sp3-gdr-feb
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?899d9f68");
# https://support.microsoft.com/en-us/help/4532098/security-update-for-sql-server-2012-sp4-gdr
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7c9e8cfc");
# https://support.microsoft.com/en-us/help/4535706/description-of-the-security-update-for-sql-server-2016-sp2-cu11-februa
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?226a31d0");
script_set_attribute(attribute:"solution", value:
"Microsoft has released the following security updates to address this issue:
-KB4532095
-KB4532097
-KB4532098
-KB4535288
-KB4535706");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-0618");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'SQL Server Reporting Services (SSRS) ViewState Deserialization');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:"CANVAS");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/11");
script_set_attribute(attribute:"patch_publication_date", value:"2020/02/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:sql_server");
script_set_attribute(attribute:"stig_severity", value:"I");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_hotfixes.nasl", "mssql_version.nasl", "smb_enum_services.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, 1433, "Services/mssql", "Host/patch_management_checks");
exit(0);
}
include('vcf_extras_microsoft.inc');
var app_info = vcf::microsoft::mssql::get_app_info();
var constraints =
[
{
'product_version' : '2012',
'target_hw' : 'x64, x86',
'file' : 'setup.exe',
'min_version' : '2011.110.0.0',
'fixed_version' : '2011.110.7493.4',
'kb' : '4532098'
},
{
'product_version' : '2012',
'target_hw' : 'x64, x86',
'file' : 'OSQL.exe',
'min_version' : '2011.110.0.0',
'fixed_version' : '2011.110.7493.4',
'kb' : '4532098'
},
{
'product_version' : '2014',
'target_hw' : 'x64, x86',
'file' : 'setup.exe',
'min_version' : '2014.120.6000.0',
'fixed_version' : '2014.120.6118.4',
'kb' : '4532095'
},
{
'product_version' : '2014',
'target_hw' : 'x64, x86',
'file' : 'OSQL.exe',
'min_version' : '2014.120.6000.0',
'fixed_version' : '2014.120.6118.4',
'kb' : '4532095'
},
{
'product_version' : '2014',
'target_hw' : 'x64, x86',
'file' : 'setup.exe',
'min_version' : '2014.120.6200.0',
'fixed_version' : '2014.120.6372.1',
'kb' : '4535288'
},
{
'product_version' : '2014',
'target_hw' : 'x64, x86',
'file' : 'OSQL.exe',
'min_version' : '2014.120.6200.0',
'fixed_version' : '2014.120.6372.1',
'kb' : '4535288'
},
{
'product_version' : '2016',
'target_hw' : 'x64',
'file' : 'setup.exe',
'min_version' : '2015.131.5000.0',
'fixed_version' : '2015.131.5102.14',
'kb' : '4532097'
},
{
'product_version' : '2016',
'target_hw' : 'x64',
'file' : 'xmlrw.dll',
'min_version' : '2015.131.5149.0',
'fixed_version' : '2015.131.5622.0',
'kb' : '4535706'
}
];
vcf::microsoft::mssql::check_version_and_report(
app_info : app_info,
constraints : constraints,
severity : SECURITY_WARNING
);
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | sql_server | cpe:/a:microsoft:sql_server |