Lucene search

HistoryJan 08, 2016 - 12:00 a.m.

IBM Tivoli Storage FlashCopy Manager for VMware 3.1.x < 3.1.1.3 / 3.2.x < 3.2.0.6 / 4.1.x < 4.1.4.0 Command Execution

2016-01-0800:00:00

www.tenable.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.009

Percentile

83.2%

JSON

The version of IBM Tivoli Storage FlashCopy Manager for VMware installed on the remote host is affected by multiple vulnerabilities :

An unspecified flaw exists in the graphical user interface that allows an unauthenticated, remote attacker to perform backup and restore operations, along with other administrative commands, resulting in a possible adverse impact on the integrity of system operation or the disclosure of confidential information. (CVE-2015-7425)
A flaw exists in the IBM Data Protection Extension that can result in privilege escalation. An authenticated attacker can exploit this to select an existing virtual machine from the vSphere inventory and perform a Restore operation without having the required privilege for the operation. Although performing this operation does not overwrite the existing virtual machine, the attacker can create a new virtual machine holding the same data, allowing disclosure of information. (CVE-2015-7429)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(87822);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/10/15");

  script_cve_id("CVE-2015-7425", "CVE-2015-7429");
  script_bugtraq_id(79541, 79545);

  script_name(english:"IBM Tivoli Storage FlashCopy Manager for VMware 3.1.x < 3.1.1.3 / 3.2.x < 3.2.0.6 / 4.1.x < 4.1.4.0 Command Execution");
  script_summary(english:"Checks version of Tivoli Storage FlashCopy Manager for VMware.");

  script_set_attribute(attribute:"synopsis", value:
"A backup application installed on the remote host is affected by
multiple remote command execution vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of IBM Tivoli Storage FlashCopy Manager for VMware
installed on the remote host is affected by multiple vulnerabilities :

- An unspecified flaw exists in the graphical user interface
  that allows an unauthenticated, remote attacker to perform
  backup and restore operations, along with other
  administrative commands, resulting in a possible adverse
  impact on the integrity of system operation or the
  disclosure of confidential information. (CVE-2015-7425)

- A flaw exists in the IBM Data Protection Extension that
  can result in privilege escalation. An authenticated
  attacker can exploit this to select an existing virtual
  machine from the vSphere inventory and perform a Restore
  operation without having the required privilege for the
  operation. Although performing this operation does not
  overwrite the existing virtual machine, the attacker can
  create a new virtual machine holding the same data,
  allowing disclosure of information. (CVE-2015-7429)");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21973086");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21973087");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Tivoli Storage FlashCopy Manager for VMware version
3.1.1.3 / 3.2.0.6 / 4.1.4.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-7425");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/12/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/08");

  script_set_attribute(attribute:"agent", value:"unix");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:tivoli_storage_flashcopy_manager");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tivoli_storage_flashcopy_manager_installed_linux.nbin");
  script_require_keys("installed_sw/Tivoli Storage FlashCopy Manager");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

app = 'Tivoli Storage FlashCopy Manager';

install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);
version = install["version"];
path = install["path"];
hypervisor = install["Hypervisor"];

app += " for " + hypervisor;

if (hypervisor != "VMware")
  audit(AUDIT_INST_VER_NOT_VULN, app, version);

if (version =~ "^3\.1\.")
  fix = "3.1.1.3";
else if (version =~ "^3\.2\.")
  fix = "3.2.0.6";
else if (version =~ "^4\.1\.")
  fix = "4.1.4.0";
else
  audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);

if (ver_compare(ver:version, fix:fix, strict:FALSE) >= 0)
  audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);

report =
  '\n  Hypervisor        : ' + hypervisor +
  '\n  Path              : ' + path +
  '\n  Installed version : ' + version +
  '\n  Fixed version     : ' + fix + '\n';

security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7425

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7429

www-01.ibm.com/support/docview.wss?uid=swg21973086

www-01.ibm.com/support/docview.wss?uid=swg21973087

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.009

Percentile

83.2%

JSON

Related for TIVOLI_STORAGE_FLASHCOPY_MANAGER_VMWARE_CVE-2015-7426.NASL