Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS22_JUN_SYSTEM_CENTER_MANAGEMENT_PACK.NASL
HistoryJun 27, 2022 - 12:00 a.m.

Security Updates for Microsoft System Center Management Pack (June 2022)

2022-06-2700:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24
JSON

The Microsoft System Center Management Pack for UNIX/Linux on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:

  • An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
    (CVE-2022-29149)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(162547);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/19");

  script_cve_id("CVE-2022-29149");
  script_xref(name:"IAVA", value:"2022-A-0249-S");

  script_name(english:"Security Updates for Microsoft System Center Management Pack (June 2022)");

  script_set_attribute(attribute:"synopsis", value:
"A data center management system component on the remote Windows system is affected by an escalation of privilege
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The Microsoft System Center Management Pack for UNIX/Linux on the remote host is missing a security update. It is,
therefore, affected by the following vulnerability:

  - An elevation of privilege vulnerability. An attacker can
    exploit this to gain elevated privileges.
    (CVE-2022-29149)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29149
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?70e3ada3");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for the System Center Management Pack for UNIX/Linux 2016, 2019, and 2022.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-29149");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/06/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/05/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/06/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:system_center_operations_manager");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("system_center_management_pack_installed.nbin");
  script_require_ports("installed_sw/System Center Management Pack for UNIX and Linux");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'System Center Management Pack for UNIX and Linux', win_local:TRUE);

var constraints = [
  { 'min_version':'7.2.0.0',    'fixed_version':'7.6.1108.0' },   # 2016
  { 'min_version':'10.19.0.0',  'fixed_version':'10.19.1152.0' }, # 2019
  { 'min_version':'10.22.0.0',  'fixed_version':'10.22.1024.0' }  # 2022
];

vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_WARNING
);
VendorProductVersionCPE
microsoftsystem_center_operations_managercpe:/a:microsoft:system_center_operations_manager

Related

prion 1
kaspersky 2
osv 1
cve 1
mscve 1
nessus 1
wizblog 1
rapid7blog 1
prion
prion
Privilege escalation
2022-06-15 22:15:00
kaspersky
kaspersky
KLA12565 PE vulnerability in Microsoft System Center
2022-06-14 00:00:00
KLA12561 Multiple vulnerabilities in Microsoft Azure
2022-06-14 00:00:00
osv
osv
CVE-2022-29149
2022-06-15 22:15:13
cve
cve
CVE-2022-29149
2022-06-15 22:15:00
mscve
mscve
Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
2022-06-14 07:00:00
nessus
nessus
Microsoft Open Management Infrastructure (OMI) package < 1.6.9-1 Privilege Escalation Vulnerability
2022-06-17 00:00:00
wizblog
wizblog
Revisiting OMI: Analysis of CVE-2022-29149, a privilege escalation vulnerability in Azure OMI
2022-08-05 05:51:58
rapid7blog
rapid7blog
Patch Tuesday - June 2022
2022-06-14 19:37:50
JSON
Related for SMB_NT_MS22_JUN_SYSTEM_CENTER_MANAGEMENT_PACK.NASL
prion1kaspersky2osv1cve1mscve1nessus1wizblog1rapid7blog1