CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
51.9%
The version of OTRS running on the remote host is 3.3.x prior to 3.3.18, 4.0.x prior to 4.0.25, 5.0.x prior to 5.0.23 or 6.0.x prior to 6.0.beta2. It is, therefore, affected by a remote code execution vulnerability.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(105155);
script_version("1.4");
script_cvs_date("Date: 2019/11/12");
script_cve_id("CVE-2017-14635");
script_name(english:"OTRS Unspecified Remote Code Execution (OSA-2017-04)");
script_summary(english:"Checks the product version.");
script_set_attribute(attribute:"synopsis", value:
"A service management application running on the remote host is affected by
a remote code execution vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of OTRS running on the remote host is 3.3.x prior to
3.3.18, 4.0.x prior to 4.0.25, 5.0.x prior to 5.0.23 or 6.0.x prior
to 6.0.beta2. It is, therefore, affected by a remote code execution
vulnerability.");
# https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b75d8fec");
script_set_attribute(attribute:"solution", value:
"Upgrade to OTRS version 3.3.18 / 4.0.25 / 5.0.23 / 6.0.beta2 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-14635");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/19");
script_set_attribute(attribute:"patch_publication_date", value:"2017/09/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/11");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:otrs:otrs");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("otrs_detect.nbin");
script_require_ports("Services/www", 80, 443);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("vcf.inc");
port = get_http_port(default:80);
app = vcf::get_app_info(app:"OTRS Web", webapp:TRUE, port:port);
if (app.version !~ "^3\.3" && app.version !~ "^[456]\.0")
audit(AUDIT_UNKNOWN_WEB_APP_VER, app.app, build_url(port:app.port, qs:app.path));
constraints =
[
{"min_version" : "3.3.0", "fixed_version" : "3.3.18"},
{"min_version" : "4.0.0", "fixed_version" : "4.0.25"},
{"min_version" : "5.0.0", "fixed_version" : "5.0.23"},
{"min_version" : "6.0.0.beta1", "fixed_version" : "6.0.0.beta2"}
];
vcf::check_version_and_report(app_info:app, constraints:constraints, severity:SECURITY_WARNING, strict:FALSE);
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
51.9%