CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
99.9%
The WinSCP program installed on the remote host is version 4.x later than 4.3.7, 5.x later than 5.0.6 and prior to 5.5.3. It is, therefore, affected by the following vulnerabilities :
An out-of-bounds read error, known as the ‘Heartbleed Bug’, exists related to handling TLS heartbeat extensions that allow an attacker to obtain sensitive information such as primary key material, secondary key material, and other protected content. (CVE-2014-0160)
An error exists related to X.509 certificates, FTP with TLS, and host validation that allows an attacker to spoof a server and obtain sensitive information.
(CVE-2014-2735)
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(73613);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");
script_cve_id("CVE-2014-0160", "CVE-2014-2735");
script_bugtraq_id(66690, 66936);
script_xref(name:"CERT", value:"720951");
script_xref(name:"EDB-ID", value:"32745");
script_xref(name:"EDB-ID", value:"32764");
script_xref(name:"EDB-ID", value:"32791");
script_xref(name:"EDB-ID", value:"32998");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/25");
script_name(english:"WinSCP Heartbeat Information Disclosure (Heartbleed)");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an application that is affected by
multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The WinSCP program installed on the remote host is version 4.x later
than 4.3.7, 5.x later than 5.0.6 and prior to 5.5.3. It is, therefore,
affected by the following vulnerabilities :
- An out-of-bounds read error, known as the 'Heartbleed
Bug', exists related to handling TLS heartbeat
extensions that allow an attacker to obtain sensitive
information such as primary key material, secondary key
material, and other protected content. (CVE-2014-0160)
- An error exists related to X.509 certificates, FTP
with TLS, and host validation that allows an attacker to
spoof a server and obtain sensitive information.
(CVE-2014-2735)");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2014/Apr/90");
script_set_attribute(attribute:"see_also", value:"https://winscp.net/tracker/show_bug.cgi?id=1151");
script_set_attribute(attribute:"see_also", value:"https://winscp.net/tracker/show_bug.cgi?id=1152");
script_set_attribute(attribute:"see_also", value:"https://winscp.net/eng/docs/history#5.5.3");
script_set_attribute(attribute:"see_also", value:"http://heartbleed.com/");
script_set_attribute(attribute:"see_also", value:"http://eprint.iacr.org/2014/140");
script_set_attribute(attribute:"see_also", value:"http://www.openssl.org/news/vulnerabilities.html#2014-0160");
script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20140407.txt");
script_set_attribute(attribute:"solution", value:
"Upgrade to WinSCP version 5.5.3 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-2735");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2014-0160");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/24");
script_set_attribute(attribute:"patch_publication_date", value:"2014/04/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:winscp:winscp");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("winscp_installed.nbin");
script_require_keys("installed_sw/WinSCP");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");
app = 'WinSCP';
fixed_version = '5.5.3';
install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);
version = install['version'];
path = install['path'];
if (
# 4.x later than 4.3.7
(version =~ "^4\." && ver_compare(ver:version, fix:"4.3.7", strict:FALSE) > 0) ||
# 5.0.6 > 5.x < 5.5.0
(version =~ "^5\.[0-4]\." && ver_compare(ver:version, fix:"5.0.6", strict:FALSE) > 0) ||
# 5.5.x < 5.5.3
(version =~ "^5\.5\." && ver_compare(ver:version, fix:"5.5.3.4193", strict:FALSE) < 0)
)
{
port = get_kb_item("SMB/transport");
if (!port) port = 445;
if (report_verbosity > 0)
{
report =
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n Fixed versions : ' + fixed_version +
'\n';
security_warning(port:port, extra:report);
}
else security_warning(port);
}
else audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2735
eprint.iacr.org/2014/140
heartbleed.com/
www.openssl.org/news/vulnerabilities.html#2014-0160
seclists.org/bugtraq/2014/Apr/90
winscp.net/eng/docs/history#5.5.3
winscp.net/tracker/show_bug.cgi?id=1151
winscp.net/tracker/show_bug.cgi?id=1152
www.openssl.org/news/secadv/20140407.txt
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
99.9%