Dell iDRAC7 Out-of-bounds Write (CVE-2020-5344)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501917);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/18");

  script_cve_id("CVE-2020-5344");

  script_name(english:"Dell iDRAC7 Out-of-bounds Write (CVE-2020-5344)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65,
2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow
vulnerability. An unauthenticated remote attacker may exploit this
vulnerability to crash the affected process or execute arbitrary code
on the system by sending specially crafted input data.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://www.dell.com/support/article/en-us/sln320717/dsa-2020-063-idrac-buffer-overflow-vulnerability?lang=en
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?955e4fba");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-5344");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(787);

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/03/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/03/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/17");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:dell:idrac7_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:dell:idrac8_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:dell:idrac9_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Dell");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Dell');

var asset = tenable_ot::assets::get(vendor:'Dell');

var vuln_cpes = {
    "cpe:/o:dell:idrac7_firmware" :
        {"versionEndExcluding" : "2.65.65.65", "family" : "iDRAC7"},
    "cpe:/o:dell:idrac8_firmware" :
        {"versionEndExcluding" : "2.70.70.70", "family" : "iDRAC8"},
    "cpe:/o:dell:idrac9_firmware" :
        {"versionEndExcluding" : "4.00.00.00", "family" : "iDRAC9"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);