6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
0.003 Low
EPSS
Percentile
70.0%
The version of Adobe Connect running on the remote host is prior to 9.7. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(104572);
script_version("1.7");
script_cvs_date("Date: 2019/11/12");
script_cve_id(
"CVE-2017-11287",
"CVE-2017-11288",
"CVE-2017-11289",
"CVE-2017-11290",
"CVE-2017-11291"
);
script_bugtraq_id(101838);
script_name(english:"Adobe Connect < 9.7 Multiple Vulnerabilities (APSB17-35)");
script_summary(english:"Checks the version of Adobe Connect.");
script_set_attribute(attribute:"synopsis", value:
"The remote web server contains an application that is affected by
multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Adobe Connect running on the remote host is prior to
9.7. It is, therefore, affected by multiple vulnerabilities as
referenced in the advisory.
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/connect/apsb17-35.html");
script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Connect version 9.7 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-11291");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/14");
script_set_attribute(attribute:"patch_publication_date", value:"2017/11/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/15");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:connect");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("adobe_connect_detect.nbin");
script_require_keys("installed_sw/Adobe Connect");
script_require_ports("Services/www", 80, 443);
exit(0);
}
include("http.inc");
include("vcf.inc");
app = "Adobe Connect";
get_install_count(app_name:app, exit_if_zero:TRUE);
port = get_http_port(default:80);
app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);
vcf::check_granularity(app_info:app_info, sig_segments:2);
constraints = [
{ "max_version" : "9.6.2", "fixed_version" : "9.7" }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{xss:TRUE});
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11287
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11288
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11289
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11290
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11291
helpx.adobe.com/security/products/connect/apsb17-35.html
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
0.003 Low
EPSS
Percentile
70.0%