4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
0.002 Low
EPSS
Percentile
52.8%
The remote host is running iDRAC9 with a firmware version prior to 4.20.20.20. It is, therefore, affected by a directory traversal vulnerability due to insufficient validation of user input. An authenticated, remote attacker can exploit this, by sending a URI that contains directory traversal characters, to disclose the contents of files located outside of the server’s restricted path.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(139206);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id("CVE-2020-5366");
script_xref(name:"IAVA", value:"2020-A-0343-S");
script_name(english:"Dell iDRAC9 Directory Traversal (DSA-2020-128)");
script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a directory traversal vulnerability.");
script_set_attribute(attribute:"description", value:
"The remote host is running iDRAC9 with a firmware version prior to 4.20.20.20. It is, therefore, affected by a
directory traversal vulnerability due to insufficient validation of user input. An authenticated, remote attacker can
exploit this, by sending a URI that contains directory traversal characters, to disclose the contents of files located
outside of the server's restricted path.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://www.dell.com/support/article/en-ie/sln322125/dsa-2020-128-idrac-local-file-inclusion-vulnerability?lang=en
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dbd53980");
script_set_attribute(attribute:"solution", value:
"Update the remote host to iDRAC9 firmware 4.20.20.20 or higher.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-5366");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/07");
script_set_attribute(attribute:"patch_publication_date", value:"2020/07/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/31");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/h:dell:idrac9");
script_set_attribute(attribute:"stig_severity", value:"I");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("drac_detect.nasl");
script_require_keys("installed_sw/iDRAC");
script_require_ports("Services/www", 443);
exit(0);
}
include('vcf.inc');
include('vcf_extras.inc');
include('http.inc');
port = get_http_port(default:443, embedded:TRUE);
app_info = vcf::idrac::get_app_info(port:port);
constraints = [{'idrac':'9', 'min_version':'1.0', 'fixed_version':'4.20.20.20'}];
vcf::idrac::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_WARNING
);
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
0.002 Low
EPSS
Percentile
52.8%