Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.VMWARE_VREALIZE_AUTOMATION_VMSA_2018_0006.NASL
HistoryFeb 06, 2018 - 12:00 a.m.

VMware vRealize Automation Deserialization Vulnerability (VMSA-2018-0006)

2018-02-0600:00:00
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.046 Low

EPSS

Percentile

92.6%

JSON

The VMware vRealize Automation application running on the remote host is version 7.2 or 7.3 and is missing security patches indicated in the vendor advisory. It is, therefore, affected by a deserialization vulnerability.

#TRUSTED 60da2fdad8132ef8c9397fe9e47955a7fb01297875b58347767b4c5db0fecd63c1a6430450f0d027541bcfcd5e6421d663e0142a3abea51ec037036667a9edcfa70ee08441b45695bdffb03dc98758e32f7ca1c087236c9ab5f07760903989f9f5d00c20a26f86571edd728dd8dd8aa3dae67bba59d965f9e9a05719fe0387304bdd9a9787dd6ccef7496dd9429cae1005596037e6ac9fadfb5ebb21bed6aebd93f9edbdb3e64cc11b11450bf1bff408d1de0cea1885285a9605bb4e191067f9a6cef203556a6b9943d29d18a35d24a8f56d6f3d2d86a1faf7026e0d71351ad87d5b79502c491759eeef0da39359b029df5ffe545ee7836d1ea968dbd4467d9f51c352dbf109444e77de35be1ffd3d18ef6947ee0b321d19ea384718c0c39c2b61326b02b94d48d02e28f04a4ef2b9d47eac648fe5c247111eeb2ddf67975b93b396f952c1f1b4af2365d452f3398ec60ec1e7fda21381c1639928ba7e21b0548269f6b5829812031f6ac9f250495f072173b5598bbe684c726b045a3e4a9e6378e6a6704445d0f55e6917688c64be36daf03ca288cab9e4cb473ffb9e5c58699fd0cd7616873dc9e511cdd3862bdc9c51804bea3b6a96ca910eaef56996b918d3f3a3ecbdcb2ae76abdc13183b5fae51ae49d4a15921f1f8edf2b4c0ba408b597da2cbe066392adb623dcd5e0e2ddfb27bfa84dcfd32062ffacc7a6287a6b4e
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(106621);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/08");

  script_cve_id("CVE-2017-4947");
  script_bugtraq_id(102852);
  script_xref(name:"VMSA", value:"2018-0006");

  script_name(english:"VMware vRealize Automation Deserialization Vulnerability (VMSA-2018-0006)");
  script_summary(english:"Checks the version of VMware vRealize Automation.");

  script_set_attribute(attribute:"synopsis", value:
"A device management application running on the remote host is affected
by a deserialization vulnerability .");
  script_set_attribute(attribute:"description", value:
"The VMware vRealize Automation application running on the remote host
is version 7.2 or 7.3 and is missing security patches indicated in the
vendor advisory. It is, therefore, affected by a deserialization
vulnerability.");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2018-0006.html");
  script_set_attribute(attribute:"solution", value:
"Apply the fixes as indicated in the vendor advisory to VMware
vRealize Automation.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/01/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/06");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:vrealize_automation");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_ports("Host/VMware vRealize Automation/Version", "installed_sw/VMware vRealize Automation");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("ssh_func.inc");
include("hostlevel_funcs.inc");
include("telnet_func.inc");

app = "VMware vRealize Automation";
flag = FALSE;

version = get_kb_item_or_exit("Host/" + app + "/Version");
port = 0;

if ( islocalhost() )
{
  if ( ! defined_func("pread")  ) exit(0);
  info_t = INFO_LOCAL;
}
else
{
  sock_g = ssh_open_connection();
  if (! sock_g) exit(0);
    info_t = INFO_SSH;
}

if (version =~ "^7\.2(\.[0-9]+)?$")
{
  buf = info_send_cmd(cmd: "cat /etc/xenon/patch.info");
  if (empty_or_null(buf) || "7.2-HF2" >!< buf)
  {
    flag = TRUE;
    kb = "KB52320";
  }
}
else if (version =~ "^7\.3(\.[0-9]+)?$")
{
  buf = info_send_cmd(cmd: "cat /etc/xenon/patch.info");
  if (empty_or_null(buf) || "7.3-HF3" >!< buf)
  {
    flag = TRUE;
    kb = "KB52316";
  }
  # The appliance doesn't handle successive commands very well so we need to sleep
  sleep(1);
  buf = info_send_cmd(cmd:"rpm -qi health-broker-service-host | grep -F 'Version'");
  if (!empty_or_null(buf)) ver1 = pregmatch(pattern: "^Version\s+:\s+([0-9\.]+)", string:buf);
  sleep(1);
  buf = info_send_cmd(cmd:"rpm -qi vra-tests-host | grep -F 'Version'");
  if (!empty_or_null(buf)) ver2 = pregmatch(pattern: "^Version\s+:\s+([0-9\.]+)", string:buf);
  if (!empty_or_null(ver1) && !empty_or_null(ver1[1])) ver1 = ver1[1];
  if (!empty_or_null(ver2) && !empty_or_null(ver2[1])) ver2 = ver2[1];

  if (!empty_or_null(ver1) && !empty_or_null(ver2) && (ver_compare(ver:ver1, fix:"1.0.4", strict:FALSE) < 0 || ver_compare(ver:ver2, fix:"1.0.4", strict:FALSE) < 0))
  {
    flag = TRUE;
    if (!empty_or_null(kb)) kb = kb + ", KB52326";
    else kb = "KB52326";
  }
}

if(info_t == INFO_SSH) ssh_close_connection();

if (flag == TRUE)
{
  report = report_items_str(
    report_items:make_array(
      "Installed version", version,
      "KB(s)", kb
    ),
    ordered_fields:make_list("Installed version", "KB(s)")
  );
  security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);
}
else audit(AUDIT_INST_VER_NOT_VULN, app, version);
VendorProductVersionCPE
vmwarevrealize_automationcpe:/a:vmware:vrealize_automation

Related

nvd 1
veracode 1
cve 1
prion 1
cvelist 1
vmware 1
nvd
nvd
CVE-2017-4947
2018-01-29 16:29:00
veracode
veracode
Remote Code Execution (RCE)
2018-01-29 04:55:16
cve
cve
CVE-2017-4947
2018-01-29 16:29:00
prion
prion
Deserialization of untrusted data
2018-01-29 16:29:00
cvelist
cvelist
CVE-2017-4947
2018-01-26 00:00:00
vmware
vmware
vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities
2018-01-26 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.046 Low

EPSS

Percentile

92.6%

JSON
Related for VMWARE_VREALIZE_AUTOMATION_VMSA_2018_0006.NASL
nvd1veracode1cve1prion1cvelist1vmware1