CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
41.0%
According to its self-reported version number, the Symantec (formerly Blue Coat) Reporter installation running on the remote host is 10.1 prior to 10.1.5.6 or 10.2 prior to 10.2.1.8. It is, therefore, affected by an OS command injection vulnerability. An authenticated attacker with Enable mode administrator access can execute arbitrary OS commands with elevated system privileges.
Note that Nessus has not attempted to exploit these issues but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(121254);
script_version("1.5");
script_cvs_date("Date: 2019/10/31 15:18:51");
script_cve_id("CVE-2018-12237");
script_bugtraq_id(106518);
script_name(english:"Symantec (Blue Coat) Reporter CLI OS Command Injection Vulnerability (SYMSA1465)");
script_summary(english:"Checks the version of Symantec Reporter.");
script_set_attribute(attribute:"synopsis", value:
"The remote host is running a version of Symantec (Blue Coat)
Reporter CLI that is affected by an OS command injection vulnerability.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Symantec
(formerly Blue Coat) Reporter installation running on the remote
host is 10.1 prior to 10.1.5.6 or 10.2 prior to 10.2.1.8. It is,
therefore, affected by an OS command injection vulnerability. An
authenticated attacker with Enable mode administrator access can
execute arbitrary OS commands with elevated system privileges.
Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version
number.");
# https://support.symantec.com/en_US/article.SYMSA1465.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ab29c0bf");
script_set_attribute(attribute:"solution", value:
"Upgrade to Symantec Reporter version 10.1.5.6 / 10.2.1.8 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-12237");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/10");
script_set_attribute(attribute:"patch_publication_date", value:"2019/01/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/18");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:symantec:reporter");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("symantec_reporter_web_detection.nbin");
script_require_keys("installed_sw/Symantec Reporter");
script_require_ports("Services/www");
exit(0);
}
include("http.inc");
include("vcf.inc");
port = get_http_port(default:8082);
app = "Symantec Reporter";
app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);
vcf::check_granularity(app_info:app_info, sig_segments:4);
constraints = [
{ "min_version" : "10.1.0.0", "max_version" : "10.1.5.5", "fixed_version" : "10.1.5.6" },
{ "min_version" : "10.2.0.0", "max_version" : "10.2.1.7", "fixed_version" : "10.2.1.8" }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
41.0%