Lucene search

K
nessusThis script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS20_NOV_OFFICE_SHAREPOINT_2019.NASL
HistoryNov 12, 2020 - 12:00 a.m.

Security Updates for Microsoft SharePoint Server 2019 (November 2020)

2020-11-1200:00:00
This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12

The Microsoft SharePoint Server 2019 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

  • An Information Disclosure Vulnerability exists in Microsoft SharePoint. (CVE-2020-16979, CVE-2020-17017)

  • A Spoofing Vulnerability exists in Microsoft SharePoint. (CVE-2020-17015, CVE-2020-17016, CVE-2020-17060)

  • A Remote Code Execution Vulnerability exists in Microsoft SharePoint. (CVE-2020-17061)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
#

include('compat.inc');

if (description)
{
  script_id(142807);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id(
    "CVE-2020-16979",
    "CVE-2020-17015",
    "CVE-2020-17016",
    "CVE-2020-17017",
    "CVE-2020-17060",
    "CVE-2020-17061"
  );
  script_xref(name:"MSKB", value:"4486714");
  script_xref(name:"MSFT", value:"MS20-4486714");
  script_xref(name:"IAVA", value:"2020-A-0514-S");
  script_xref(name:"CEA-ID", value:"CEA-2020-0135");

  script_name(english:"Security Updates for Microsoft SharePoint Server 2019 (November 2020)");

  script_set_attribute(attribute:"synopsis", value:
"The Microsoft SharePoint Server 2019 installation on the remote host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The Microsoft SharePoint Server 2019 installation on the
remote host is missing security updates. It is, therefore,
affected by multiple vulnerabilities :

  - An Information Disclosure Vulnerability exists in Microsoft SharePoint. (CVE-2020-16979, CVE-2020-17017) 

  - A Spoofing Vulnerability exists in Microsoft SharePoint. (CVE-2020-17015, CVE-2020-17016, CVE-2020-17060)
  
  - A Remote Code Execution Vulnerability exists in Microsoft SharePoint. (CVE-2020-17061)");
  # https://support.microsoft.com/en-us/help/4486714/security-update-for-sharepoint-server-2019-nov-10-2020
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8293d5bd");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released KB4486714 to address this issue.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-17017");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-17061");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/11/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/11/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/11/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:sharepoint_server");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("microsoft_sharepoint_installed.nbin", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');
include('misc_func.inc');
include('install_func.inc');
include('lists.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS20-11';

kbs = make_list(
  '4486714'
);

if (get_kb_item('Host/patch_management_checks'))
  hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

get_kb_item_or_exit('SMB/Registry/Enumerated', exit_code:1);

# Get path information for Windows.
windir = hotfix_get_systemroot();
if (isnull(windir)) exit(1, 'Failed to determine the location of %windir%.');

registry_init();

install = get_single_install(app_name:'Microsoft SharePoint Server');

kb_checks =
{
  '2019':
  { '0':
    {'Server':
     [{
         'kb'           : '4486714',
         'path'         : install['path'],
         'append'       : 'bin',
         'file'         : 'ascalc.dll',
         'version'      : '16.0.10368.20000',
         'product_name' : 'Microsoft SharePoint Server 2019'
      }]
    }
  }
};

# Get the specific product / path 
param_list = kb_checks[install['Product']][install['SP']][install['Edition']];

# audit if not affected
if(isnull(param_list)) audit(AUDIT_INST_VER_NOT_VULN, 'Microsoft SharePoint Server');


vuln = FALSE;
xss = FALSE;
port = kb_smb_transport();

# grab the path otherwise
foreach check (param_list)
{
 
  if (!isnull(check['version']))
  {
    path = hotfix_append_path(path:check['path'], value:check['append']);

    are_we_vuln = hotfix_check_fversion(
      file:check['file'],
      version:check['version'],
      path:path,
      kb:check['kb'],
      product:check['product_name']
    );
  }
  else
  {
    report = '\n';

    if (check['product_name'])
      report += '  Product : ' + check['product_name'] + '\n';
    if (check['kb'])
      report += '  KB : ' + check['kb'] + '\n';
    hotfix_add_report(report, kb:check['kb']);
  }

  if(are_we_vuln == HCF_OLDER) vuln = TRUE;
}

if (vuln)
{
  port = kb_smb_transport();
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_warning();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}


VendorProductVersion
microsoftsharepoint_server
Related for SMB_NT_MS20_NOV_OFFICE_SHAREPOINT_2019.NASL