Lucene search
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ILO_SSO_UNAUTH_ACCESS.NASLHistorySep 03, 2013 - 12:00 a.m.
iLO 3 < 1.57 / iLO 4 < 1.22 Unspecified Arbitrary Code Execution
2013-09-0300:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
107
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.011 Low
EPSS
Percentile
84.8%
According to its version number and single sign-on settings, the remote HP Integrated Lights-Out (iLO) server is affected by an arbitrary code execution vulnerability in its web interface.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(69554);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2013-2338");
script_bugtraq_id(60480);
script_name(english:"iLO 3 < 1.57 / iLO 4 < 1.22 Unspecified Arbitrary Code Execution");
script_summary(english:"Checks version of HP Integrated Lights-Out (iLO) and whether SSO is enabled.");
script_set_attribute(attribute:"synopsis", value:
"The remote HP Integrated Lights-Out (iLO) server's web interface is
affected by a remote code execution vulnerability.");
script_set_attribute(attribute:"description", value:
"According to its version number and single sign-on settings, the
remote HP Integrated Lights-Out (iLO) server is affected by an
arbitrary code execution vulnerability in its web interface.");
# https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03787836-3
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?69c1ba3e");
script_set_attribute(attribute:"solution", value:
"For HP Integrated Lights-Out (iLO) 3, disable single sign-on or
upgrade firmware to 1.57 or later. For iLO 4, disable single sign-on
or upgrade firmware to 1.22 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2338");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/11");
script_set_attribute(attribute:"patch_publication_date", value:"2013/06/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/03");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:integrated_lights-out_3_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:integrated_lights-out_4_firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ilo_detect.nasl");
script_require_keys("Settings/ParanoidReport", "www/ilo", "ilo/generation", "ilo/firmware");
script_require_ports("Services/www", 80);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("http.inc");
include("misc_func.inc");
include("webapp_func.inc");
if (report_paranoia < 2)
audit(AUDIT_PARANOID);
# Each generation has its own series of firmware version numbers.
generation = get_kb_item_or_exit("ilo/generation");
# The version is tied to the firmware and not specific to the web interface.
version = get_kb_item_or_exit("ilo/firmware");
port = get_http_port(default:80, embedded:TRUE);
install = get_install_from_kb(
appname : "ilo",
port : port,
exit_on_fail : TRUE
);
install_url = build_url(port:port, qs:install["dir"]);
# The vulnerability exists in the single sign-on feature.
get_kb_item_or_exit("www/ilo/" + port + "/sso_enabled");
# Firmware is unique to the generation of iLO.
if (generation == 3)
fixed_version = "1.57";
else if (generation == 4)
fixed_version = "1.22";
else
audit(AUDIT_WEB_APP_NOT_AFFECTED, "iLO " + generation, install_url, version);
if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) >= 0)
audit(AUDIT_WEB_APP_NOT_AFFECTED, "iLO " + generation, install_url, version);
report = NULL;
if (report_verbosity > 0)
{
report =
'\n URL : ' + install_url +
'\n Generation : ' + generation +
'\n Firmware version : ' + version +
'\n Fixed version : ' + fixed_version +
'\n';
}
security_hole(port:port, extra:report);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| hp | integrated_lights-out_3_firmware | cpe:/o:hp:integrated_lights-out_3_firmware | |
| hp | integrated_lights-out_4_firmware | cpe:/o:hp:integrated_lights-out_4_firmware |
Related
openvas
openvas
HP Integrated Lights-Out (iLO) Remote Unauthorized Access Vulnerability
2013-09-10 00:00:00
securityvulns
securityvulns
prion
prion
Code injection
2013-06-14 19:55:00
nvd
nvd
CVE-2013-2338
2013-06-14 19:55:01
cve
cve
CVE-2013-2338
2022-10-03 16:15:00
cvelist
cvelist
CVE-2013-2338
2022-10-03 16:15:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.011 Low
EPSS
Percentile
84.8%
Related for ILO_SSO_UNAUTH_ACCESS.NASL