nessus | This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof. | SOLARWINDS_STORAGE_RESOURCE_MON_6_2_0.NASL
History: Oct 16, 2015 - 12:00 a.m.

SolarWinds Storage Resource Monitor < 6.2 ProcessFileUpload.jsp File Upload RCE

2015-10-16 00:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

85.2%

The remote host is running a version of SolarWinds Storage Resource Monitor (formerly SolarWinds Storage Manager) prior to 6.2. It is, therefore, affected by a remote code execution vulnerability due to improper sanitization of user-uploaded files by the ProcessFileUpload.jsp script. An unauthenticated, remote attacker can exploit this vulnerability to upload malicious PHP scripts, resulting in the execution of arbitrary code with the privileges of the web server. Note that the plugin below does not exercise the upload endpoint: it compares the installed version recorded by the detection plugin against the fixed build 6.2.0.749, so a finding reflects the version only.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration block: when the scanner loads the plugin with `description`
# set, only the metadata below is registered and the script leaves through
# the exit(0) at the end of this block, before any check logic runs.
if (description)
{
  script_id(86421);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/06/03");

  # Cross-references for this finding: CVE, Exploit-DB entry and IAVA notice.
  script_cve_id("CVE-2015-7838");
  script_xref(name:"EDB-ID", value:"34671");
  script_xref(name:"IAVA", value:"2015-A-0238-S");

  script_name(english:"SolarWinds Storage Resource Monitor < 6.2 ProcessFileUpload.jsp File Upload RCE");
  script_summary(english:"Checks the version of Storage Resource Monitor.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is running a web application affected by a remote code
execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of SolarWinds Storage Resource
Monitor (formerly SolarWinds Storage Manager) prior to 6.2. It is,
therefore, affected by a remote code execution vulnerability due to
improper sanitization of user-uploaded files by the
ProcessFileUpload.jsp script. An unauthenticated, remote attacker can
exploit this vulnerability to upload malicious PHP scripts, resulting
in the execution of arbitrary code with the privileges of the web
server.");
  # http://www.solarwinds.com/documentation/srm/docs/releasenotes/releasenotes.htm
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?048bbe17");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-15-460/");
  # NOTE(review): the solution text names "Storage Manager" while the plugin
  # title names "Storage Resource Monitor"; the description states the product
  # was renamed, so both refer to the same upgrade target.
  script_set_attribute(attribute:"solution", value:
"Upgrade to SolarWinds Storage Manager version 6.2 or later.");
  # CVSS v2 base vector: network attack vector, low complexity, no
  # authentication, complete confidentiality/integrity/availability impact.
  # Temporal vector: functional exploit (E:F), official fix (RL:OF),
  # confirmed report (RC:C).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");

  # Exploit-availability flags; the D2 Elliot framework is the one named here.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"d2_elliot_name", value:"Solarwinds Storage Manager ProcessFileUpload.jsp File Upload");
  script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");

  # Disclosure and patch share the same date; the plugin followed about six
  # weeks later.
  script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/09/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/16");

  # plugin_type "local": the result comes from install data gathered on the
  # host by the dependency listed below, not from probing the upload endpoint.
  # NOTE(review): presumably this needs a credentialed scan to produce a
  # result - confirm against the detection plugin.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # Two CPEs because the product was renamed; the second uses the unofficial
  # "x-cpe" prefix.
  script_set_attribute(attribute:"cpe", value:"cpe:/a:solarwinds:storage_manager");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:solarwinds:storage_resource_monitor");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  # ACT_GATHER_INFO: registered as an information-gathering check.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # The install-detection plugin must run first; it populates the
  # installed_sw/* KB entries read by the check logic.
  script_dependencies("solarwinds_storage_manager_installed.nbin");
  # NOTE(review): KB key names are passed to script_require_ports rather than
  # script_require_keys, presumably so that either product name is enough to
  # schedule the plugin - confirm.
  script_require_ports("installed_sw/SolarWinds Storage Manager", "installed_sw/SolarWinds Storage Resource Monitor");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

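# Version check for CVE-2015-7838. Nothing is sent to the target here: the
# installed version recorded by the detection plugin is compared against the
# first fixed build, and a finding is reported for every older install.

# The product was renamed, so the install may be recorded under either name.
storage_res_mon = "SolarWinds Storage Resource Monitor";
storage_mgr     = "SolarWinds Storage Manager";

# First fixed build; the same for both product names, so set once.
fix = "6.2.0.749";

apps = make_list();
unaffected = make_list();
undetermined = make_list();

if (get_install_count(app_name:storage_res_mon) > 0) apps = make_list(apps, storage_res_mon);
if (get_install_count(app_name:storage_mgr) > 0)     apps = make_list(apps, storage_mgr);
if (empty(apps)) audit(AUDIT_NOT_INST, storage_res_mon + "/" + storage_mgr);

foreach app_name (apps)
{
  # exit_if_unknown_ver:FALSE keeps the script alive when one product name has
  # no recorded version, so the other name is still evaluated.
  install = get_single_install(app_name:app_name, exit_if_unknown_ver:FALSE);
  path = install['path'];
  version = install['version'];

  # With exit_if_unknown_ver:FALSE the version may be missing or the
  # UNKNOWN_VER placeholder. Feeding that to ver_compare() could yield a
  # verdict that is not based on a real version, so record the install as
  # undetermined instead of reporting it either way.
  if (isnull(version) || version == UNKNOWN_VER)
  {
    undetermined = make_list(undetermined,
      "The version of " + app_name + " installed under " + path +
      " could not be determined."
    );
    continue;
  }

  if (ver_compare(ver:version, fix:fix, strict:FALSE) == -1)
  {
    # Findings are attached to the SMB transport port, falling back to 445
    # when the KB has no entry.
    port = get_kb_item("SMB/transport");
    if (isnull(port)) port = 445;

    if (report_verbosity > 0)
    {
      report =
        '\n  Path              : ' + path +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : ' + fix +
        '\n';
      security_hole(extra:report, port:port);
    }
    else security_hole(port);
  }
  else
    unaffected = make_list(unaffected,
      "The " + app_name + " version " + version + " install under " + path  +
      " is not affected."
    );
}

# Exit with an explanatory message for every install that was not reported,
# whether it is patched or its version could not be read.
notes = make_list(unaffected, undetermined);
if (!empty(notes)) exit(0, join(notes, sep:'\n'));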
Vendor | Product | Version | CPE
solarwinds | storage_manager | - | cpe:/a:solarwinds:storage_manager
solarwinds | storage_resource_monitor | - | x-cpe:/a:solarwinds:storage_resource_monitor

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

85.2%
