ESXi 5.5 < Build 1474526 File Descriptors Privilege Escalation (remote check)

This script is (C) 2013-2017 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi 5.5 host is affected by a privilege escalation
vulnerability.

Description :

The remote VMware ESXi 5.5 host is affected by an error in the
handling of certain Virtual Machine file descriptors. This could allow
an unprivileged user with the 'Add Existing Disk' privilege to obtain
read and write access to arbitrary files, possibly leading to
arbitrary code execution after a host reboot.

See also :

http://www.nessus.org/u?b9d794c9

Solution :

Apply patch ESXi550-201312101-SG.

Risk factor :

Medium / CVSS Base Score : 4.4
(CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 71774 ()

Bugtraq ID: 64491

CVE ID: CVE-2013-5973

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now