Lucene search
Copyright (C) 2020 Greenbone AGOPENVAS:1361412562311220202174HistoryOct 12, 2020 - 12:00 a.m.
Huawei EulerOS: Security Advisory for cifs-utils (EulerOS-SA-2020-2174)
2020-10-1200:00:00
Copyright (C) 2020 Greenbone AG
plugins.openvas.org
9
huawei euleros
cifs-utils
samba
arbitrary commands
vulnerability
package update
CVSS2
4.4
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSS3
7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7
Confidence
High
EPSS
0.002
Percentile
61.2%
The remote host is missing an update for the Huawei EulerOS
# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2020.2174");
script_cve_id("CVE-2020-14342");
script_tag(name:"creation_date", value:"2020-10-12 10:21:58 +0000 (Mon, 12 Oct 2020)");
script_version("2024-02-05T14:36:56+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:56 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"4.4");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-09-14 20:12:28 +0000 (Mon, 14 Sep 2020)");
script_name("Huawei EulerOS: Security Advisory for cifs-utils (EulerOS-SA-2020-2174)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2020 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP9\-X86_64");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2020-2174");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2020-2174");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'cifs-utils' package(s) announced via the EulerOS-SA-2020-2174 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges.(CVE-2020-14342)");
script_tag(name:"affected", value:"'cifs-utils' package(s) on Huawei EulerOS V2.0SP9(x86_64).");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROS-2.0SP9-x86_64") {
if(!isnull(res = isrpmvuln(pkg:"cifs-utils", rpm:"cifs-utils~6.10~0.h1.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
cbl_mariner
cbl_mariner
CVE-2020-14342 affecting package cifs-utils for versions less than 6.8-6
2022-04-09 06:51:43
CVE-2020-14342 affecting package cifs-utils 6.8-6
2020-11-05 04:21:18
openvas
openvas
Huawei EulerOS: Security Advisory for cifs-utils (EulerOS-SA-2021-1284)
2021-02-22 00:00:00
Huawei EulerOS: Security Advisory for cifs-utils (EulerOS-SA-2021-2130)
2021-07-07 00:00:00
Huawei EulerOS: Security Advisory for cifs-utils (EulerOS-SA-2021-1463)
2021-03-05 00:00:00
veracode
veracode
Privilege Escalation
2020-09-21 06:27:28
nessus
nessus
EulerOS 2.0 SP8 : cifs-utils (EulerOS-SA-2020-2305)
2020-11-02 00:00:00
EulerOS 2.0 SP9 : cifs-utils (EulerOS-SA-2020-2164)
2020-10-09 00:00:00
RHEL 8 : cifs-utils (Unpatched Vulnerability)
2024-05-11 00:00:00
cve
cve
CVE-2020-14342
2020-09-09 12:15:11
debiancve
debiancve
CVE-2020-14342
2020-09-09 12:15:11
fedora
fedora
[SECURITY] Fedora 33 Update: cifs-utils-6.11-1.fc33
2020-11-11 01:21:13
[SECURITY] Fedora 32 Update: cifs-utils-6.11-1.fc32
2020-11-11 01:21:33
mageia
mageia
Updated cifs-utils packages fix security vulnerability
2020-09-27 23:06:37
suse
suse
Security update for cifs-utils (moderate)
2020-09-30 00:00:00
Security update for cifs-utils (important)
2021-05-01 00:00:00
osv
osv
CVE-2020-14342
2020-09-09 12:15:11
cifs-utils vulnerabilities
2022-06-02 16:41:26
cifs-utils-6.13-1.3 on GA media
2024-06-15 00:00:00
ubuntucve
ubuntucve
CVE-2020-14342
2020-09-09 00:00:00
redhatcve
redhatcve
CVE-2020-14342
2020-09-07 07:19:40
gentoo
gentoo
LinuxCIFS: Shell injection
2020-09-29 00:00:00
nvd
nvd
CVE-2020-14342
2020-09-09 12:15:11
alpinelinux
alpinelinux
CVE-2020-14342
2020-09-09 12:15:11
cvelist
cvelist
CVE-2020-14342
2020-09-09 11:13:35
prion
prion
Design/Logic Flaw
2020-09-09 12:15:00
ubuntu
ubuntu
cifs-utils vulnerabilities
2022-06-02 00:00:00
photon
photon
CVSS2
4.4
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSS3
7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7
Confidence
High
EPSS
0.002
Percentile
61.2%
Related for OPENVAS:1361412562311220202174