6.4 Medium
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.032 Low
EPSS
Percentile
91.1%
EMC M&R (Watch4net) is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
CPE = "cpe:/a:emc:watch4net";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.105241");
script_cve_id("CVE-2015-0513", "CVE-2015-0515", "CVE-2015-0516");
script_tag(name:"cvss_base", value:"6.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_version("2023-05-16T09:08:27+0000");
script_name("EMC M&R (Watch4net) < 6.5u1 Multiple Vulnerabilities");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/72255");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/72256");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/72259");
script_tag(name:"impact", value:"A remote attacker could exploit the traversal vulnerability using
directory traversal characters ('../') to access arbitrary files that contain sensitive
information. Information harvested may aid in launching further attacks.
An attacker may leverage the Arbitrary File Upload Vulnerability to upload arbitrary files to the
affected computer. This can result in arbitrary code execution within the context of the
vulnerable application.
An attacker may leverage the Cross Site Scripting Vulnerabilities to execute arbitrary script code
in the browser of an unsuspecting user in the context of the affected site. This can allow the
attacker to steal cookie-based authentication credentials and launch other attacks.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"solution", value:"Updates are available.");
script_tag(name:"summary", value:"EMC M&R (Watch4net) is prone to multiple vulnerabilities.");
script_tag(name:"insight", value:"The following flaws exist:
- Credential Disclosure: It was discovered that EMC M&R (Watch4net) credentials of remote servers
stored in Watch4net are encrypted using a fixed hardcoded password. If an attacker manages to
obtain a copy of the encrypted credentials, it is trivial to decrypt them.
- Directory Traversal: A path traversal vulnerability was found in EMC M&R (Watch4net) Device
Discovery. This vulnerability allows an attacker to access sensitive files containing
configuration data, passwords, database records, log data, source code, and program scripts and
binaries.
- Arbitrary File Upload Vulnerability: An attacker may leverage this issue to upload arbitrary
files to the affected computer. This can result in arbitrary code execution within the context of
the vulnerable application.
- Multiple Cross Site Scripting Vulnerabilities: Multiple cross site scripting vulnerabilities
were found in EMC M&R (Watch4net) Centralized Management Console, Web Portal and Alerting
Frontend.");
script_tag(name:"affected", value:"EMC M&R (Watch4net) before 6.5u1.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"last_modification", value:"2023-05-16 09:08:27 +0000 (Tue, 16 May 2023)");
script_tag(name:"creation_date", value:"2015-03-20 10:57:29 +0100 (Fri, 20 Mar 2015)");
script_category(ACT_GATHER_INFO);
script_family("Web application abuses");
script_copyright("Copyright (C) 2015 Greenbone AG");
script_dependencies("gb_emc_m_and_r_detect.nasl");
script_mandatory_keys("emc_m_r/version");
exit(0);
}
include("host_details.inc");
include("revisions-lib.inc");
include("version_func.inc");
if( ! port = get_app_port( cpe:CPE ) )
exit( 0 );
if( ! vers = get_app_version( cpe:CPE, port:port ) )
exit( 0 );
if( revcomp( a:vers, b:"6.5u1" ) < 0 ) {
report = report_fixed_ver( installed_version:vers, fixed_version:"6.5u1" );
security_message( port:port, data:report );
exit( 0 );
}
exit( 99 );