Lucene search
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.IBM_STORWIZE_CVE-2017-1710.NASLHistoryFeb 15, 2018 - 12:00 a.m.
IBM San Volume Controller / Storwize / FlashSystem 8.1.x < 8.1.0.1 privilege escalation vulnerability
2018-02-1500:00:00
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.004 Low
EPSS
Percentile
75.1%
According to its self-reported version number, the IBM San Volume Controller, Storwize or FlashSystem is vulnerable to an unspecified privilege escalation vulnerability within the Service Assistant GUI.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(106844);
script_version("1.5");
script_cvs_date("Date: 2019/06/13 17:57:55");
script_cve_id("CVE-2017-1710");
script_bugtraq_id(101770);
script_name(english:"IBM San Volume Controller / Storwize / FlashSystem 8.1.x < 8.1.0.1 privilege escalation vulnerability");
script_summary(english:"Checks for vulnerable IBM firmware versions.");
script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a privilege escalation vulnerability.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the IBM San Volume
Controller, Storwize or FlashSystem is vulnerable to an unspecified
privilege escalation vulnerability within the Service Assistant GUI.");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010788");
script_set_attribute(attribute:"solution", value:
"Upgrade to a firmware version 8.1.0.1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/09");
script_set_attribute(attribute:"patch_publication_date", value:"2017/11/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/15");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:san_volume_controller_software");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:storwize_v5000_software");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:storwize_v7000_software");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:flashsystem_v9000_firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ibm_storwize_detect.nbin");
script_require_ports("Host/IBM/Storwize/version", "Host/IBM/Storwize/machine_major", "Host/IBM/Storwize/display_name");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
version = get_kb_item_or_exit("Host/IBM/Storwize/version");
machine_major = get_kb_item_or_exit("Host/IBM/Storwize/machine_major");
display_name = get_kb_item_or_exit("Host/IBM/Storwize/display_name");
# audit out if it isn't an affected device
if (
machine_major != "2077" && # IBM Storwize V5000
machine_major != "2078" && # IBM Storwize V5000
machine_major != "2076" && # IBM Storwize V7000
machine_major != "2145" && # IBM SAN Volume Controller
machine_major != "9846" && # IBM FlashSystem V9000
machine_major != "9848" # IBM FlashSystem V9000
) audit(AUDIT_DEVICE_NOT_VULN, display_name);
if (version == UNKNOWN_VER)
audit(AUDIT_UNKNOWN_APP_VER, display_name);
# 8.1.x < 8.1.0.1
if (version =~ "^8\.1\.")
fix = "8.1.0.1";
else audit(AUDIT_DEVICE_NOT_VULN, display_name, version);
if (ver_compare(ver:version, fix:fix) < 0)
{
report =
'\n Name : ' + display_name +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix +
'\n';
security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);
}
else audit(AUDIT_DEVICE_NOT_VULN, display_name, version);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | san_volume_controller_software | cpe:/a:ibm:san_volume_controller_software | |
| ibm | storwize_v5000_software | cpe:/a:ibm:storwize_v5000_software | |
| ibm | storwize_v7000_software | cpe:/a:ibm:storwize_v7000_software | |
| ibm | flashsystem_v9000_firmware | cpe:/o:ibm:flashsystem_v9000_firmware |
Related
lenovo
lenovo
prion
prion
Privilege escalation
2017-11-13 23:29:00
cvelist
cvelist
CVE-2017-1710
2017-11-08 00:00:00
ibm
ibm
cve
cve
CVE-2017-1710
2017-11-13 23:29:00
nvd
nvd
CVE-2017-1710
2017-11-13 23:29:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.004 Low
EPSS
Percentile
75.1%
Related for IBM_STORWIZE_CVE-2017-1710.NASL