HP SiteScope Multiple Vulnerabilities (HPESBGN03763)

High Nessus Plugin ID 101299

Synopsis

A web application running on the remote host is affected by a multiple vulnerabilities.

Description

The version of HP SiteScope running on the remote host is 11.2x or 11.3x. It is, therefore, affected by multiple vulnerabilities :

- A cryptographic weakness exists in the ss_pu.jar library due to the use of hard-coded encryption keys. A local attacker can exploit this to disclose potentially sensitive information, such as user credentials in configuration files. (CVE-2017-8949)

- A cryptographic weakness exists in the ss_pu.jar library due to the use of risky or broken cryptographic algorithms. A local attacker can exploit this to disclose potentially sensitive information, such as user credentials in configuration files. (CVE-2017-8950)

- An information disclosure vulnerability exists due to credentials stored in Credential Profiles being passed in cleartext over HTTP to the client. A local attacker can exploit this to disclose sensitive information.
(CVE-2017-8951)

- A remote code execution vulnerability exists due to improper authentication of users before allowing file access when handling SOAP calls to the SiteScope service. An unauthenticated, remote attacker can exploit this to perform unauthorized actions, such as the disclosure of arbitrary files or the execution of arbitrary code. (CVE-2017-8952)

Solution

Apply the appropriate update according to the vendor advisory.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-12-176/

https://www.kb.cert.org/vuls/id/768399/

http://www.nessus.org/u?4843ab92

http://www.nessus.org/u?c83286c6

Plugin Details

Severity: High

ID: 101299

File Name: hp_sitescope_HPESBGN03763.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 2017/07/06

Updated: 2019/04/10

Dependencies: 53621

Configuration: Enable paranoid mode

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 8.1

Temporal Score: 7.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:hp:sitescope

Required KB Items: installed_sw/sitescope, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/06/27

Vulnerability Publication Date: 2017/06/27

Exploitable With

Core Impact

Reference Information

CVE: CVE-2017-8949, CVE-2017-8950, CVE-2017-8951, CVE-2017-8952

BID: 99331, 99333

HP: HPESBGN03763, emr_na-hpesbgn03763en_us

CERT: 768399

ZDI: ZDI-12-176

IAVA: 2017-A-0194