NewStart CGSL CORE 5.05 / MAIN 5.05 : vim Vulnerability (NS-SA-2019-0164)
High Nessus Plugin ID 127449
SynopsisThe remote machine is affected by a vulnerability.
DescriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has vim packages installed that are affected by a vulnerability:
- It was found that the `:source!` command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SolutionUpgrade the vulnerable CGSL vim packages. Note that updated packages may not be available yet. Please contact ZTE for more information.