VMware ESX / ESXi Multiple DoS (VMSA-2014-0001)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.

Synopsis :

The remote VMware ESX / ESXi host is missing a security-related patch.

Description :

The remote VMware ESX / ESXi host is affected by multiple denial of
service vulnerabilities :

- A denial of service vulnerability exists due to a NULL
pointer deference flaw when handling Network File Copy
(NFC) traffic. An unauthenticated, remote attacker can
exploit this by intercepting and modifying the traffic
between the ESX / ESXi host and the client.

- A flaw exists due to improper handling of invalid
ports. An unauthenticated attacker on an adjacent
network can exploit this to cause VMX processing to
fail, resulting in a partial denial of service.

See also :


Solution :

Apply the appropriate patch according to the vendor advisory that
pertains to ESX version 4.0 / 4.1 and ESXi version 4.0 / 4.1 / 5.0 /

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 87673 ()

Bugtraq ID: 64994

CVE ID: CVE-2014-1207

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now