7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
61.8%
Microsoft Office Online Server is missing a security update. It is, therefore, affected a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(164147);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/07");
script_cve_id("CVE-2022-33648");
script_xref(name:"MSKB", value:"5002228");
script_xref(name:"MSFT", value:"MS22-5002228");
script_xref(name:"IAVA", value:"2022-A-0316-S");
script_name(english:"Security Update for Microsoft Office Online Server (August 2022)");
script_set_attribute(attribute:"synopsis", value:
"Microsoft Office Online Server is affected by a remote code vulnerability.");
script_set_attribute(attribute:"description", value:
"Microsoft Office Online Server is missing a security update. It is, therefore, affected a remote code execution
vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/5002228");
script_set_attribute(attribute:"solution", value:
"Microsoft has released the following security update to address this issue:
-KB5002228");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-33648");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/08/09");
script_set_attribute(attribute:"patch_publication_date", value:"2022/08/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/08/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office_online_server");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office_web_apps");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("office_installed.nasl", "microsoft_owa_installed.nbin", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl", "microsoft_office_compatibility_pack_installed.nbin");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('install_func.inc');
get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');
var bulletin = 'MS22-08';
var kbs = make_list('5002228');
if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit('SMB/Registry/Enumerated', exit_code:1);
var port = kb_smb_transport();
# Get installs of Office Web Apps
var owa_install, oos_path, oos_sp;
var owa_installs = get_installs(app_name:'Microsoft Office Web Apps');
if (!empty_or_null(owa_installs))
{
foreach owa_install (owa_installs[1])
{
if (owa_install['Product'] == '2016')
{
var oos_path = owa_install['path'];
var oos_sp = owa_install['SP'];
}
}
}
var vuln = FALSE;
####################################################################
# Office Online Server
####################################################################
if (oos_path && (!isnull(oos_sp) && oos_sp == '0'))
{
path = hotfix_append_path(path:oos_path, value:'WordConversionService\\bin\\Converter');
if (hotfix_check_fversion(file:'sword.dll', version:'16.0.10389.20000', min_version:'16.0.10000.0', path:path, kb:'5002228', product:'Office Online Server') == HCF_OLDER)
vuln = TRUE;
}
if (vuln)
{
replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, 'affected');
}
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | office_online_server | cpe:/a:microsoft:office_online_server | |
microsoft | office_web_apps | cpe:/a:microsoft:office_web_apps |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
61.8%