ESXi 6.0 U1 < Build 5251621 / 6.0 U2 < Build 5251623 / 6.0 U3 < Build 5224934 Multiple Vulnerabilities (VMSA-2017-0006) (remote check)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi 6.0 host is affected by multiple
vulnerabilities.

Description :

The version of the remote VMware ESXi 6.0 host is 6.0 U1 prior to
build 5251621, 6.0 U2 prior to build 5251623, or 6.0 U3 prior to build
5224934. It is, therefore, affected by multiple vulnerabilities :

- A stack memory initialization flaw exists that allows an
attacker on the guest to execute arbitrary code on the
host. (CVE-2017-4903)

- An unspecified flaw exists in memory initialization that
allows an attacker on the guest to execute arbitrary
code on the host. (CVE-2017-4904)

- An unspecified flaw exists in memory initialization that
allows the disclosure of sensitive information.
(CVE-2017-4905)

See also :

http://www.vmware.com/security/advisories/VMSA-2017-0006.html
http://www.nessus.org/u?29e8975b
http://www.nessus.org/u?0ac633b1

Solution :

Apply patch ESXi600-201703401-SG, ESXi600-201703002, or
ESXi600-201703003 according to the vendor advisory.

Risk factor :

High / CVSS Base Score : 8.3
(CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 99130 ()

Bugtraq ID: 97160
97164
97165

CVE ID: CVE-2017-4903
CVE-2017-4904
CVE-2017-4905

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now