CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
37.8%
Opmantek NMIS is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = 'cpe:/a:opmantek:nmis';
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.106245");
script_version("2023-07-21T05:05:22+0000");
script_tag(name:"last_modification", value:"2023-07-21 05:05:22 +0000 (Fri, 21 Jul 2023)");
script_tag(name:"creation_date", value:"2016-09-15 09:47:18 +0700 (Thu, 15 Sep 2016)");
script_tag(name:"cvss_base", value:"6.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2017-04-14 15:11:00 +0000 (Fri, 14 Apr 2017)");
script_cve_id("CVE-2016-5642", "CVE-2016-6534");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Opmantek NMIS Multiple Vulnerabilities");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone AG");
script_family("General");
script_dependencies("gb_opmantek_nmis_detect.nasl");
script_mandatory_keys("opmantek_nmis/installed");
script_tag(name:"summary", value:"Opmantek NMIS is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"NMIS is prone to two vulnerabilities:
A stored server XSS vulnerability exists due to insufficient filtering of SNMP agent supplied data before the
affected software stores and displays the data. The stored XSS payload is delivered to the affected software
during the SNMP data collect operation performed when adding and updating a node (CVE-2016-5642).
A command injection vulnerability in the web application component of NMIS exists due to insufficient input
validation. The command injection vulnerability exists in the tools.pl CGI script via the 'node' parameter when
the 'act' parameter is set to 'tool_system_finger'. The user must be authenticated and granted the tls_finger
permission, which does not appear to be enabled by default (CVE-2016-6534).");
script_tag(name:"impact", value:"A successful exploit could allow an attacker to execute arbitrary script
code in the context of the interface, or an authenticated attacker may execute arbitrary commands.");
script_tag(name:"affected", value:"NMIS version 4.x and 8.x.");
script_tag(name:"solution", value:"Update to 4.3.7c, 8.5.12G or later");
script_xref(name:"URL", value:"https://community.rapid7.com/community/infosec/blog/2016/09/07/multiple-disclosures-for-multiple-network-management-systems-part-2");
exit(0);
}
include("host_details.inc");
include("revisions-lib.inc");
include("version_func.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!version = get_app_version(cpe: CPE, port: port))
exit(0);
if (version =~ "^8\.") {
if (revcomp(a: version, b: "8.5.12g") < 0) {
report = report_fixed_ver(installed_version: toupper(version), fixed_version: "8.5.12G");
security_message(port: port, data: report);
exit(0);
}
}
if (version =~ "^4\.") {
if (revcomp(a: version, b: "4.3.7c") < 0) {
report = report_fixed_ver(installed_version: version, fixed_version: "4.3.7c");
security_message(port: port, data: report);
exit(0);
}
}
exit(0);
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
37.8%