Lucene search

HistoryApr 03, 2020 - 12:00 a.m.

ManageEngine Desktop Central < 10 Build 10.0.515 Information Disclosure

2020-04-0300:00:00

www.tenable.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.006

Percentile

79.2%

JSON

The ManageEngine Desktop Central application running on the remote host is prior to version 10 build 10.0.515. It is, therefore, affected by an information disclosure vulnerability in the PDFGenerationServlet component due to improper access controls. An unauthenticated, remote attacker can exploit this to disclose potentially sensitive information.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(135186);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/08/07");

  script_cve_id("CVE-2020-8509");
  script_xref(name:"IAVA", value:"2020-A-0122-S");

  script_name(english:"ManageEngine Desktop Central < 10 Build 10.0.515 Information Disclosure");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a Java-based web application that is affected by an information disclosure vulnerability.");
  script_set_attribute(attribute:"description", value:
"The ManageEngine Desktop Central application running on the remote host is prior to version 10 build 10.0.515. It is,
therefore, affected by an information disclosure vulnerability in the PDFGenerationServlet component due to improper
access controls. An unauthenticated, remote attacker can exploit this to disclose potentially sensitive information.");
  # https://www.manageengine.com/products/desktop-central/unauthenticated-servlet-access.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?70529b7a");
  script_set_attribute(attribute:"solution", value:
"Upgrade to ManageEngine Desktop Central version 10 build 10.0.515 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8509");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/03/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/03/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/03");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:zohocorp:manageengine_desktop_central");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("manageengine_desktop_central_detect.nbin");
  script_require_keys("installed_sw/ManageEngine Desktop Central");
  script_require_ports("Services/www", 8020, 8383, 8040);

  exit(0);
}

include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('http.inc');
include('webapp_func.inc');

appname = 'ManageEngine Desktop Central';
get_install_count(app_name:appname, exit_if_zero:TRUE);

port = get_http_port(default:8020);

install = get_single_install(
  app_name            : appname,
  port                : port,
  exit_if_unknown_ver : TRUE
);

dir = install['path'];
version = install['version'];
build   = install['build'];
ismsp   = install['MSP'];
rep_version = version;

install_url =  build_url(port:port, qs:dir);

if (ismsp) appname += ' MSP';

if (build == UNKNOWN_VER)
  exit(0, 'The build number of '+appname+' version ' +rep_version+ ' listening at ' +install_url+ ' could not be determined.');
else
  rep_version += ' Build ' + build;

build = int(build);
if (version =~ "^10(\.|$)" && build < 100515)
{
    report =
      '\n  URL               : ' + install_url +
      '\n  Installed version : ' + rep_version +
      '\n  Fixed version     : 10 Build 100515' +
      '\n';
    security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, appname, install_url, rep_version);

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8509

www.nessus.org/u?70529b7a

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.006

Percentile

79.2%

JSON

Related for MANAGEENGINE_DESKTOP_CENTRAL_100515.NASL