Lucene search
This script is Copyright (C) 2015-2023 Tenable Network Security, Inc.SOLARWINDS_DAMEWARE_MINI_REMOTE_CONTROL_V12_0_HOTFIX_2.NASLHistoryNov 20, 2015 - 12:00 a.m.
SolarWinds DameWare Mini Remote Control < 12.0 Hotfix 2 SSLv3 Padding Oracle On Downgraded Legacy Encryption (POODLE)
2015-11-2000:00:00
This script is Copyright (C) 2015-2023 Tenable Network Security, Inc.
www.tenable.com
796
The remote host is running a version of SolarWinds DameWare Mini Remote Control prior to 12.0 Hotfix 2. It is, therefore, affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(86995);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/06/23");
script_cve_id("CVE-2014-3566");
script_bugtraq_id(70574);
script_xref(name:"CERT", value:"577193");
script_name(english:"SolarWinds DameWare Mini Remote Control < 12.0 Hotfix 2 SSLv3 Padding Oracle On Downgraded Legacy Encryption (POODLE)");
script_set_attribute(attribute:"synopsis", value:
"The remote host is running a remote management application that is
affected by a man-in-the-middle (MitM) information disclosure
vulnerability.");
script_set_attribute(attribute:"description", value:
"The remote host is running a version of SolarWinds DameWare Mini
Remote Control prior to 12.0 Hotfix 2. It is, therefore, affected by
a man-in-the-middle (MitM) information disclosure vulnerability known
as POODLE. The vulnerability is due to the way SSL 3.0 handles padding
bytes when decrypting messages encrypted using block ciphers in cipher
block chaining (CBC) mode. A MitM attacker can decrypt a selected byte
of a cipher text in as few as 256 tries if they are able to force a
victim application to repeatedly send the same data over newly created
SSL 3.0 connections.");
script_set_attribute(attribute:"see_also", value:"https://thwack.solarwinds.com/message/313220#313220");
script_set_attribute(attribute:"see_also", value:"https://www.imperialviolet.org/2014/10/14/poodle.html");
script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/~bodo/ssl-poodle.pdf");
script_set_attribute(attribute:"see_also", value:"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00");
script_set_attribute(attribute:"solution", value:
"Upgrade to SolarWinds DameWare Mini Remote Control v12.0 Hotfix 2 or
later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3566");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/14");
script_set_attribute(attribute:"patch_publication_date", value:"2015/11/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"x-cpe:/a:solarwinds:dameware_mini_remote_control");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2015-2023 Tenable Network Security, Inc.");
script_dependencies("solarwinds_dameware_mini_remote_control_installed.nbin");
script_require_keys("installed_sw/SolarWinds DameWare Mini Remote Control");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");
app_name = "SolarWinds DameWare Mini Remote Control";
install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
path = install['path'];
version = install['version'];
fix = "12.0.0.520";
if (ver_compare(ver:version, fix:fix, strict:FALSE) == -1)
{
port = get_kb_item("SMB/transport");
if (isnull(port)) port = 445;
if (report_verbosity > 0)
{
report =
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix +
'\n';
security_warning(extra:report, port:port);
}
else security_warning(port);
exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| solarwinds | dameware_mini_remote_control | x-cpe:/a:solarwinds:dameware_mini_remote_control |
Related
ibm
ibm
fedora
fedora
[SECURITY] Fedora 22 Update: fossil-1.33-1.fc22
2015-10-15 03:51:23
[SECURITY] Fedora 19 Update: python-rhsm-1.13.6-1.fc19
2014-11-07 02:33:12
[SECURITY] Fedora 20 Update: claws-mail-3.11.1-2.fc20
2014-11-10 06:30:29
nessus
nessus
AIX 7.1 TL 2 : nettcp (IV73974) (POODLE)
2015-06-19 00:00:00
Fedora 21 : claws-mail-3.11.1-2.fc21 / claws-mail-plugins-3.11.1-1.fc21 / libetpan-1.6-1.fc21 (2014-14217) (POODLE)
2014-11-11 00:00:00
Fedora 19 : python-rhsm-1.13.6-1.fc19 (2014-13794)
2014-11-07 00:00:00
suse
suse
Security update for suseRegister (important)
2015-01-05 21:04:43
redhat
redhat
(RHSA-2014:1653) Moderate: openssl security update
2014-10-16 00:00:00
(RHSA-2015:1546) Important: node.js security update
2015-08-04 00:00:00
(RHSA-2015:1545) Important: node.js security update
2015-08-04 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3489-1)
2016-03-08 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-429)
2015-09-08 00:00:00
Fedora Update for asterisk FEDORA-2014-15621
2015-01-05 00:00:00
centos
centos
openssl security update
2014-10-16 15:21:39
cisco
cisco
SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
2014-10-15 18:30:00
seebug
seebug
SSL 3.0 POODLE(CVE-2014-3566)
2017-02-17 00:00:00
osv
osv
lighttpd - security update
2015-07-25 00:00:00
lighttpd - security update
2016-02-23 00:00:00
hackerone
hackerone
New Relic: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
2017-03-26 19:08:23
MariaDB: smtp service vulnerable to POODLE SSLv3
2019-03-24 06:26:55
citrix
citrix
CVE-2014-3566 - Citrix Security Advisory for SSLv3 Protocol Flaw
2014-10-14 04:00:00
f5
f5
K15702 : SSLv3 vulnerability CVE-2014-3566
2015-09-18 00:00:00
veracode
veracode
Information Disclosure
2017-02-07 00:05:45
POODLE Attack
2017-04-27 06:54:17
Information Disclosure
2019-01-15 08:54:41
cert
cert
POODLE vulnerability in SSL 3.0
2014-10-17 00:00:00
amazon
amazon
Important: openssl
2014-10-14 22:32:00
checkpoint_security
checkpoint_security
Check Point response to the POODLE Bites vulnerability (CVE-2014-3566)
2014-10-13 21:00:00
fortinet
fortinet
SSL v3 "POODLE" Vulnerability
2014-10-15 00:00:00
securityvulns
securityvulns
TA14-290A: SSL 3.0 Protocol Vulnerability and POODLE Attack
2014-10-18 00:00:00
APPLE-SA-2014-10-16-4 OS X Server v3.2.2
2014-10-18 00:00:00
prion
prion
Code injection
2014-10-15 00:55:00
huawei
huawei
Security Advisory-SSLv3 POODLE Vulnerability in Huawei Products
2014-12-15 00:00:00
debian
debian
[SECURITY] [DSA 3489-1] lighttpd security update
2016-02-23 18:26:27
freebsd
freebsd
asterisk -- Asterisk Susceptibility to POODLE Vulnerability
2014-10-20 00:00:00
aix
aix
Vulnerability in SSLv3 affects AIX,Vulnerability in SSLv3 affects VIOS
2015-06-17 09:52:06
Related for SOLARWINDS_DAMEWARE_MINI_REMOTE_CONTROL_V12_0_HOTFIX_2.NASL