Cisco Webex Meetings Desktop App for Windows Shared Memory Information Disclosure (cisco-sa-webex-client-NBmqM9vt)

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(138015);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/06/29");

  script_cve_id("CVE-2020-3347");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvt99384");
  script_xref(name:"CISCO-SA", value:"cisco-sa-webex-client-NBmqM9vt");
  script_xref(name:"IAVA", value:"2020-A-0273");

  script_name(english:"Cisco Webex Meetings Desktop App for Windows Shared Memory Information Disclosure (cisco-sa-webex-client-NBmqM9vt)");

  script_set_attribute(attribute:"synopsis", value:
"The remote videoconferencing software is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco Webex Meetings Desktop App for Windows is affected by an information
disclosure vulnerability due to unsafe usage of shared memory. An authenticated, local attacker can exploit this, by
running an application on the local system tha tis designed to read shared memory, in order to retrieve sensitive
information from the shared memory, including usernames, meeting information, or authentication tokens that could aid
the attacker in future attacks

Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-NBmqM9vt
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a006d154");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt99384");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvt99384");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-3347");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/06/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:webex_meetings");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_webex_meetings_win_installed.nbin");
  script_require_keys("installed_sw/Cisco Webex Meetings");

  exit(0);
}

include('vcf.inc');

get_kb_item_or_exit('Host/local_checks_enabled');
app = 'Cisco Webex Meetings';

app_info = vcf::get_app_info(app:app, win_local:TRUE);

fixed_display = 'Refer to Cisco Bug ID: CSCvt99384';
constraints = [
  { 'fixed_version' : '39.5.26', 'fixed_display' : fixed_display }, // lockdown version
  { 'min_version'   : '39.6',  'fixed_version' : '40.4.12', 'fixed_display' : fixed_display }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);