Detections
Analytics
VMware ESXi 5.5 / 6.0 XSS (VMSA-2016-0023) (remote check)
medium Nessus Plugin ID 134876
Language:
Synopsis
The remote VMware ESXi host is missing a security patch and is affected by a denial of service vulnerability.Description
The remote VMware ESXi host is version 5.5 or 6.0, and is missing a security patch. It is, therefore, vulnerable to a cross-site scripting (XSS) vulnerability. The vulnerability exists due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this, by importing a specially crafted VM, to inject arbitrary web script or HTML.Solution
Apply the appropriate patch as referenced in the vendor advisory.See Also
https://www.vmware.com/security/advisories/VMSA-2016-0023.html
Plugin Details
Severity: Medium
ID: 134876
File Name: vmware_esxi_VMSA-2016-0023.nasl
Version: 1.2
Type: remote
Family: Misc.
Published: 3/24/2020
Updated: 3/26/2020
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.0
CVSS v2
Risk Factor: Low
Base Score: 3.5
Temporal Score: 2.6
Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS Score Source: CVE-2016-7463
CVSS v3
Risk Factor: Medium
Base Score: 5.4
Temporal Score: 4.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:vmware:esxi
Required KB Items: Host/VMware/release, Host/VMware/version
Exploit Ease: No known exploits are available
Patch Publication Date: 12/20/2016
Vulnerability Publication Date: 12/20/2016
Reference Information
CVE: CVE-2016-7463
BID: 94998
VMSA: 2016-0023