NewStart CGSL MAIN 4.06 : vim Vulnerability (NS-SA-2019-0177)
High Nessus Plugin ID 128690
Synopsis
The remote machine is affected by a vulnerability.
Description
The remote NewStart CGSL host, running version MAIN 4.06, has vim packages installed that are affected by a vulnerability:
- getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. (CVE-2019-12735)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade the vulnerable CGSL vim packages. Note that updated packages may not be available yet. Please contact ZTE for more information.