Dell iDRAC6 Out-of-bounds Write (CVE-2019-3705)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501915);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/18");

  script_cve_id("CVE-2019-3705");

  script_name(english:"Dell iDRAC6 Out-of-bounds Write (CVE-2019-3705)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior
to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22,
3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow
vulnerability. An unauthenticated remote attacker may potentially
exploit this vulnerability to crash the webserver or execute arbitrary
code on the system with privileges of the webserver by sending
specially crafted input data to the affected system.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?da6901b0");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3705");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(787);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/17");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:dell:idrac6_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:dell:idrac7_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:dell:idrac8_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:dell:idrac9_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Dell");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Dell');

var asset = tenable_ot::assets::get(vendor:'Dell');

var vuln_cpes = {
    "cpe:/o:dell:idrac6_firmware" :
        {"versionEndExcluding" : "2.92", "family" : "iDRAC6"},
    "cpe:/o:dell:idrac7_firmware" :
        {"versionEndExcluding" : "2.61.60.60", "family" : "iDRAC7"},
    "cpe:/o:dell:idrac8_firmware" :
        {"versionEndExcluding" : "2.61.60.60", "family" : "iDRAC8"},
    "cpe:/o:dell:idrac9_firmware" :
        {"versionEndExcluding" : "3.20.21.20", "family" : "iDRAC9"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);