CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
28.0%
The Microsoft SQL Server Reporting Services installation on the remote host is missing a security update. It is, therefore, affected by a security feature bypass vulnerability in SQL Server Reporting Services (SSRS) due to improper validation of uploaded attachments to reports. An authenticated, remote attacker could exploit this issue to upload file types that were disallowed by an administrator. (CVE-2020-1044)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were extracted from the Microsoft Security Updates
# API. The text itself is copyright (C) Microsoft Corporation.
#
include('compat.inc');
if (description)
{
script_id(140534);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/20");
script_cve_id("CVE-2020-1044");
script_xref(name:"IAVA", value:"2020-A-0410-S");
script_xref(name:"CEA-ID", value:"CEA-2020-0118");
script_name(english:"Security Updates for Microsoft SQL Server Reporting Services (September 2020)");
script_set_attribute(attribute:"synopsis", value:
"The Microsoft SQL Server Reporting Services installation on the remote host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The Microsoft SQL Server Reporting Services installation on the remote host is missing a security update. It is,
therefore, affected by a security feature bypass vulnerability in SQL Server Reporting Services (SSRS) due to improper
validation of uploaded attachments to reports. An authenticated, remote attacker could exploit this issue to upload file
types that were disallowed by an administrator. (CVE-2020-1044)");
# https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1044
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5708b76b");
script_set_attribute(attribute:"solution", value:
"Refer to Microsoft documentation and upgrade to relevant fixed version.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1044");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/09/08");
script_set_attribute(attribute:"patch_publication_date", value:"2020/09/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/09/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:sql_server_reporting_services");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("sql_server_reporting_services_installed.nbin");
script_require_keys("installed_sw/Microsoft SQL Server Reporting Services");
script_require_ports(139, 445);
exit(0);
}
include('vcf.inc');
app_info = vcf::get_app_info(app:'Microsoft SQL Server Reporting Services', win_local:TRUE);
constraints = [
{ 'min_version':'14.0.0.0', 'fixed_version' : '14.0.600.1669'},
{ 'min_version':'15.0.0.0', 'fixed_version' : '15.0.7545.4810'}
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
28.0%