CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
EPSS
Percentile
36.0%
The remote IBM Storwize device is affected by an ACL security bypass vulnerability due to a race condition in the Active Cloud Engine (ACE) component caused by an error in NFS packet retransmission in response to noisy or slow responding networks. An authenticated, remote attacker can exploit this to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(85707);
script_version("1.3");
script_cvs_date("Date: 2018/07/12 19:01:16");
script_cve_id("CVE-2014-0875");
script_bugtraq_id(68398);
script_name(english:"IBM Storwize V7000 Unified ACL Security Bypass");
script_summary(english:"Checks for vulnerable Storwize models.");
script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by an ACL security bypass vulnerability.");
script_set_attribute(attribute:"description", value:
"The remote IBM Storwize device is affected by an ACL security bypass
vulnerability due to a race condition in the Active Cloud Engine (ACE)
component caused by an error in NFS packet retransmission in response
to noisy or slow responding networks. An authenticated, remote
attacker can exploit this to bypass intended ACL restrictions in
opportunistic circumstances by leveraging incorrect ACL
synchronization over an unreliable NFS connection that requires
retransmissions.");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004738");
script_set_attribute(attribute:"solution", value:
"Upgrade to IBM Storwize version 1.5.0.0 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/02");
script_set_attribute(attribute:"patch_publication_date", value:"2014/07/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/31");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/h:ibm:storwize_unified_v7000");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:storwize_unified_v7000_software");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
script_dependencies("ibm_storwize_detect.nbin");
script_require_ports("Host/IBM/Storwize/version", "Host/IBM/Storwize/machine_major", "Host/IBM/Storwize/display_name");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
version = get_kb_item_or_exit("Host/IBM/Storwize/version");
machine_major = get_kb_item_or_exit("Host/IBM/Storwize/machine_major");
display_name = get_kb_item_or_exit("Host/IBM/Storwize/display_name");
fix = "1.5.0.0";
# audit out if it isn't an affected device
if (
machine_major != "2073" # V7000 Unified
) audit(AUDIT_DEVICE_NOT_VULN, display_name);
if (version == "Unknown" || version == UNKNOWN_VER)
audit(AUDIT_UNKNOWN_APP_VER, "IBM Storwize");
if (version !~ "^[0-9.]+$")
audit(AUDIT_VER_FORMAT, version);
if (
version !~ "^1\.(3|4\.[0-3])\." ||
ver_compare(ver:version, fix:fix, strict:FALSE) >= 0
) audit(AUDIT_DEVICE_NOT_VULN, display_name, version);
if (report_verbosity > 0)
{
report =
'\n Name : ' + display_name +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix +
'\n';
security_note(port:0, extra:report);
}
else security_note(port:0);