Lucene search

K
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS23_AUG_ONENOTE_UNIVERSAL.NASL
HistoryAug 17, 2023 - 12:00 a.m.

Microsoft OneNote Spoofing (August 2023)

2023-08-1700:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
microsoft onenote
spoofing
security vulnerability
microsoft store
update.

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.0%

The Microsoft OneNote Products are missing a security update. It is, therefore, affected by a spoofing vulnerability.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
##

include('compat.inc');

if (description)
{
  script_id(179925);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/27");

  script_cve_id("CVE-2023-36769");
  script_xref(name:"IAVA", value:"2023-A-0429");

  script_name(english:"Microsoft OneNote Spoofing (August 2023)");

  script_set_attribute(attribute:"synopsis", value:
"The Microsoft OneNote Products are affected by a spoofing vulnerability.");
  script_set_attribute(attribute:"description", value:
"The Microsoft OneNote Products are missing a security update. It is, therefore, affected by a spoofing
vulnerability.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://learn.microsoft.com/en-us/officeupdates/update-history-microsoft365-apps-by-date
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b315068b");
  # https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5931548c");
  # https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36769
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?34cb9be5");
  script_set_attribute(attribute:"solution", value:
"Upgrade to app version 16.0.14326.21450  or later via the Microsoft Store.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-36769");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/08/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_hotfixes.nasl", "wmi_enum_windows_app_store.nbin");
  script_require_keys("SMB/Registry/Enumerated", "WMI/Windows App Store/Enumerated");
  script_require_ports(139, 445);

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

var apps = ['Microsoft.Office.OneNote'];

var app_info = vcf::microsoft_appstore::get_app_info(app_list:apps);

vcf::check_granularity(app_info:app_info, sig_segments:3);

# added two check for 2 different version format
var constraints = [
    { 'min_version' : '15.0', 'fixed_version' : '15.0.5579.1000' },
    { 'min_version' : '15001.0', 'fixed_version' : '15001.5579.1000.0' },
    { 'min_version' : '16.0', 'fixed_version' : '16.0.5408.1000' },
    { 'min_version' : '16001.0', 'fixed_version' : '16001.5408.1000.0' }
];

# added path cheking to diffirentiate from other onenote
if (empty_or_null(app_info.path))
  vcf::audit(app_info);

vcf::microsoft_appstore::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.0%

Related for SMB_NT_MS23_AUG_ONENOTE_UNIVERSAL.NASL