ESXi 5.5 / 6.0 / 6.5 / Multiple Vulnerabilities (VMSA-2017-0021) (VMSA-2018-0002) (Spectre) (remote check)

Medium Nessus Plugin ID 105486

Synopsis

The remote VMware ESXi host is affected by multiple vulnerabilities.

Description

The remote VMware ESXi host is version 5.5, 6.0, or 6.5 and is missing a security patch. It is, therefore, affected by multiple vulnerabilities that can allow code execution in a virtual machine via the authenticated VNC session as well as cause information disclosure from one virtual machine to another virtual machine on the same host.

Solution

Apply the appropriate patch as referenced in the vendor advisory.

See Also

https://www.vmware.com/security/advisories/VMSA-2017-0021.html

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0369

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

https://meltdownattack.com/

Plugin Details

Severity: Medium

ID: 105486

File Name: vmware_esxi_VMSA-2017-0021.nasl

Version: 1.11

Type: remote

Family: Misc.

Published: 2017/12/29

Updated: 2019/11/08

Dependencies: 57396

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2017-4941

CVSS v2.0

Base Score: 6

Temporal Score: 5.2

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 7.5

Temporal Score: 7.2

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esxi

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/12/19

Vulnerability Publication Date: 2017/12/19

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2017-4940, CVE-2017-4941, CVE-2017-5715, CVE-2017-5753

BID: 102238, 102241, 102371, 102376

VMSA: 2017-0021, 2018-0002

IAVA: 2018-A-0020