Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS19_NOV_EXCHANGE.NASL
HistoryNov 15, 2019 - 12:00 a.m.

Security Updates for Exchange (November 2019)

2019-11-1500:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.045 Low

EPSS

Percentile

92.5%

JSON

The Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :

  • A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the logged in user. Exploitation of this vulnerability requires that a user run cmdlets via PowerShell. The security update addresses the vulnerability by correcting how Exchange serializes its metadata. (CVE-2019-1373)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

# The descriptive text and package checks in this plugin were  
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(131025);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/06");

  script_cve_id("CVE-2019-1373");
  script_xref(name:"MSKB", value:"4523171");
  script_xref(name:"MSFT", value:"MS19-4523171");

  script_name(english:"Security Updates for Exchange (November 2019)");

  script_set_attribute(attribute:"synopsis", value:
"The Microsoft Exchange Server installed on the remote host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The Microsoft Exchange Server installed on the remote host
is missing a security update. It is, therefore, affected by
the following vulnerability :

  - A remote code execution vulnerability exists in
    Microsoft Exchange through the deserialization of
    metadata via PowerShell. An attacker who successfully
    exploited the vulnerability could run arbitrary code in
    the context of the logged in user. Exploitation of this
    vulnerability requires that a user run cmdlets via
    PowerShell. The security update addresses the
    vulnerability by correcting how Exchange serializes its
    metadata. (CVE-2019-1373)");
  # https://support.microsoft.com/en-us/help/4523171/security-update-for-exchange-server-2019-2016-and-2013
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a817f0c6");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released KB4523171 to address this issue.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1373");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:exchange_server:2016");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:exchange_server:2019");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ms_bulletin_checks_possible.nasl", "microsoft_exchange_installed.nbin");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('vcf_extras_microsoft.inc');

var app_info = vcf::microsoft::exchange::get_app_info();

var constraints =
[
   {
    'product' : '2013',
    'cu' : 23,
    'min_version': '15.00.1497.0',
    'fixed_version': '15.00.1497.4',
    'kb': '4523171'
  },
   {
    'product' : '2016',
    'cu' : 13,
    'min_version': '15.01.1779.0',
    'fixed_version': '15.01.1779.7',
    'kb': '4523171'
  },
  {
    'product' : '2016',
    'cu' : 14,
    'min_version': '15.01.1847.0',
    'fixed_version': '15.01.1847.5',
    'kb': '4523171'
  },
  {
    'product' : '2019',
    'cu' : 2,
    'min_version': '15.02.397.0',
    'fixed_version': '15.02.397.9',
    'kb': '4523171'
  },
  {
    'product' : '2019',
    'cu' : 3,
    'min_version': '15.02.464.0',
    'fixed_version': '15.02.464.7',
    'kb': '4523171'
  }

];

vcf::microsoft::exchange::check_version_and_report
(
  app_info:app_info,
  bulletin:'MS19-09',
  constraints:constraints,
  severity:SECURITY_HOLE
);
VendorProductVersionCPE
microsoftexchange_server2016cpe:/a:microsoft:exchange_server:2016
microsoftexchange_server2019cpe:/a:microsoft:exchange_server:2019

Related

cve 1
prion 1
symantec 1
kaspersky 1
mscve 5
cvelist 1
nvd 1
mskb 1
qualysblog 1
talosblog 1
cve
cve
CVE-2019-1373
2019-11-12 19:15:12
prion
prion
Remote code execution
2019-11-12 19:15:00
symantec
symantec
Microsoft Exchange Server CVE-2019-1373 Remote Code Execution Vulnerability
2019-11-12 00:00:00
kaspersky
kaspersky
KLA11606 ACE vulnerability in Microsoft Exchange Server
2019-11-12 00:00:00
mscve
mscve
Microsoft Exchange Remote Code Execution Vulnerability
2019-11-12 08:00:00
Microsoft Exchange Server Remote Code Execution Vulnerability
2021-03-02 08:00:00
Microsoft Exchange Server Remote Code Execution Vulnerability
2021-03-02 08:00:00
cvelist
cvelist
CVE-2019-1373
2019-11-12 18:52:50
nvd
nvd
CVE-2019-1373
2019-11-12 19:15:12
mskb
mskb
Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: November 12, 2019
2019-11-12 08:00:00
qualysblog
qualysblog
November 2019 Patch Tuesday – 74 vulns, 13 Critical, Actively Attacked IE vuln, Hyper-V escapes, Adobe
2019-11-12 19:28:42
talosblog
talosblog
Microsoft Patch Tuesday — Nov. 2019: Vulnerability disclosures and Snort coverage
2019-11-12 11:58:09

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.045 Low

EPSS

Percentile

92.5%

JSON
Related for SMB_NT_MS19_NOV_EXCHANGE.NASL
cve1prion1symantec1kaspersky1mscve5cvelist1nvd1mskb1qualysblog1talosblog1