IBM TSM for Virtual Environments 6.3.x < 6.3.2.5 / 6.4.x < 6.4.3.1 / 7.1.x < 7.1.4.0 RCE

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

A backup application installed on the remote host is affected by a
remote command execution vulnerability.

Description :

The version of IBM Tivoli Storage Manager (TSM) for Virtual
Environments installed on the remote host is 6.3.x prior to 6.3.2.5,
6.4.x prior to 6.4.3.1, or 7.1.x prior to 7.1.4.0. It is, therefore,
affected by multiple vulnerabilities :

- An unspecified flaw exists in the user interface that
allows an unauthenticated, remote attacker to perform
backup and restore operations and to execute TSM
administrative commands. (CVE-2015-7425)

- A privilege escalation vulnerability exists in the IBM
Data Protection Extension. An authenticated, remote
attacker can exploit this to select an existing virtual
machine from the vSphere inventory and perform a restore
operation even though the attacker does not have the
privilege level required for the operation. The restore
operation will not overwrite the existing virtual
machine but instead will create a new virtual machine
with the same data as the existing virtual machine.
After the restore creates the new virtual machine, the
attacker can then access its unencrypted data,
regardless of access permissions to the existing virtual
machine data. Note that this issue only applies to
version 7.1.x prior to 7.1.4. (CVE-2015-7429)

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21973086
http://www-01.ibm.com/support/docview.wss?uid=swg21973087

Solution :

Upgrade to Tivoli Storage Manager for Virtual Environments version
6.3.2.5 / 6.4.3.1 / 7.1.4.0 or later.
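As an added example (not the Nessus plugin's NASL or IBM's code), the following Python check applies this advisory's affected ranges to an installed version string and reports the fixed build to upgrade to and which of the two CVEs apply; the function name `check_tsm_ve_version` and the dotted-numeric version format are assumptions.

```python
"""Version-range check built from the affected ranges in this advisory."""
from typing import Dict, List, Optional, Tuple

# Branch (major, minor) -> first fixed build in that branch, per the advisory.
FIXED_BY_BRANCH: Dict[Tuple[int, int], Tuple[int, ...]] = {
    (6, 3): (6, 3, 2, 5),
    (6, 4): (6, 4, 3, 1),
    (7, 1): (7, 1, 4, 0),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '7.1.3.0' into (7, 1, 3, 0); reject anything non-numeric so a
    garbled banner cannot be mistaken for a very old (or very new) build."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {text!r}")
    return tuple(int(p) for p in parts)


def _pad(v: Tuple[int, ...], n: int) -> Tuple[int, ...]:
    """Right-pad with zeros so '6.4.3' compares as 6.4.3.0."""
    return v + (0,) * (n - len(v))


def check_tsm_ve_version(installed: str) -> Optional[Dict[str, object]]:
    """Return {'fixed': str, 'cves': [...]} when the installed build falls in
    an affected range, else None. None also covers branches the advisory does
    not list (e.g. 8.x), which means 'not covered here', not 'known safe'."""
    ver = parse_version(installed)
    branch = ver[:2]
    fixed = FIXED_BY_BRANCH.get(branch)
    if fixed is None or _pad(ver, len(fixed)) >= fixed:
        return None
    cves: List[str] = ["CVE-2015-7425"]  # affects every listed range
    if branch == (7, 1):  # CVE-2015-7429 applies only to 7.1.x < 7.1.4
        cves.append("CVE-2015-7429")
    return {"fixed": ".".join(str(x) for x in fixed), "cves": cves}


if __name__ == "__main__":
    # Constructed sample banners, not values observed on any host.
    for sample in ("7.1.3.0", "6.4.3", "6.3.2.5", "8.1.0.0"):
        print(sample, "->", check_tsm_ve_version(sample))
```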

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 87823

Bugtraq ID: 79541, 79545

CVE ID: CVE-2015-7425, CVE-2015-7429
