Detections
Analytics

ESXi 5.0 < Build 702118 Multiple Vulnerabilities (remote check)

high Nessus Plugin ID 70882

Language:

Synopsis

The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilities.

Description

The remote VMware ESXi 5.0 host is affected by the following security vulnerabilities :

 - An error exists related to NFS traffic handling that could allow memory corruption leading to execution of arbitrary code. (CVE-2012-2448)

 - Out-of-bounds write errors exist related to virtual floppy disc devices and virtual SCSI devices that could allow local privilege escalation. (CVE-2012-2449, CVE-2012-2450)

Solution

Apply patch ESXi500-201205401-SG. Alternatively, implement the workaround referenced in the vendor advisory.

See Also

http://www.nessus.org/u?da8aca2a

http://www.vmware.com/security/advisories/VMSA-2012-0009.html

Plugin Details

Severity: High

ID: 70882

File Name: vmware_esxi_5_0_build_702118_remote.nasl

Version: 1.5

Type: remote

Family: Misc.

Published: 11/13/2013

Updated: 8/6/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:vmware:esxi:5.0

Required KB Items: Host/VMware/release, Host/VMware/version

Exploit Ease: No known exploits are available

Patch Publication Date: 5/3/2012

Vulnerability Publication Date: 5/3/2012

Reference Information

CVE: CVE-2012-2448, CVE-2012-2449, CVE-2012-2450

BID: 53369, 53371

VMSA: 2012-0009