VMware vSphere Replication Bash Environment Variable Command Injection Vulnerability (VMSA-2014-0010) (Shellshock)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.

Synopsis :

The remote host has a virtualization appliance installed that is
affected by Shellshock.

Description :

The VMware vSphere Replication installed on the remote host is version
5.1.x prior to, 5.5.x prior to, 5.6.x prior to, or 5.8.x prior to It is, therefore, affected by a
command injection vulnerability in GNU Bash known as Shellshock, which
is due to the processing of trailing strings after function
definitions in the values of environment variables. This allows a
remote attacker to execute arbitrary code via environment variable
manipulation depending on the configuration of the system

See also :


Solution :

Upgrade to vSphere Replication / / /
or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 9.0
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now