VMware vRealize Automation 7.0.x < 7.1 Multiple Vulnerabilities (VMSA-2016-0013)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

A device management application running on the remote host is affected
by multiple vulnerabilities.

Description :

The VMware vRealize Automation application running on the remote host
is version 7.0.x prior to 7.1. It is, therefore, affected by the
following vulnerabilities :

- An unspecified flaw exists that allows a local attacker
to elevate privileges from a low-privileged account to
root access. (CVE-2016-5335)

- An unspecified flaw exists that allows an
unauthenticated, remote attacker to execute code and
thereby gain access to a low-privileged account on the
device. No other details are available. (CVE-2016-5336)

See also :

https://www.vmware.com/security/advisories/VMSA-2016-0013

Solution :

Upgrade to VMware vRealize Automation version 7.1 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 93191

Bugtraq ID: 92607, 92608

CVE ID: CVE-2016-5335, CVE-2016-5336
