The version of AOS installed on the remote host is prior to 6.5.1.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.1.8 advisory.

  - If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was     configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x     only), Tomcat did not reject a request containing an invalid Content-Length header making a request     smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the     request with the invalid header. (CVE-2022-42252)

  - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. (CVE-2022-40674)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf,     11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to     exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to     compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can     result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM     Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in     clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run     untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This     vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service     which supplies data to the APIs. (CVE-2022-21619)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1,     17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. (CVE-2022-21624)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf,     11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability     allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM     Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a     partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This     vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start     applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the     internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using     APIs in the specified Component, e.g., through a web service which supplies data to the APIs.
    (CVE-2022-21626)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341,     8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM     Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not     apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed     by an administrator). (CVE-2022-21628)

  - By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38177)

  - By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38178)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.1.8)

high Nessus Plugin ID 168739

Version 1.9

Version 1.8

Version 1.7

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.9 Mar 5, 2024, 10:26 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") Plugin metadata Plugin Feed: 202403052226
Version 1.8 Oct 4, 2023, 4:00 AM Detection Plugin Feed: 202310040400
Version 1.7 Sep 15, 2023, 4:16 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") CVSSv3 score source (set to "CVE-2022-40674") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202309151616
Version 1.6 Mar 22, 2023, 4:37 PM CVSS metrics ("CVSSv2 score" changed from "10.0" to "7.8". "CVSSv2 score" changed from "10.0" to "7.8". "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C" to "CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N". "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C" to "CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N". "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C" to "CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N") CVSSv2 score source (changed from "CVE-2022-40674" to "CVE-2022-42252") Plugin Feed: 202303221637
Version 1.5 Feb 23, 2023, 6:16 PM Plugin metadata Plugin Feed: 202302231816
Version 1.4 Feb 3, 2023, 2:05 PM Regenerated based on advisory update Plugin Feed: 202302031405
Version 1.3 Feb 2, 2023, 2:12 PM CVSS metrics ("CVSSv3 score" changed from "9.8" to "8.1") CVSS metrics ("CVSSv3 vector" changed from "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H") CVSSv3 score source (set to "CVE-2022-40674") Plugin Feed: 202302021412
Version 1.2 Dec 15, 2022, 5:53 AM New Plugin Feed: 202212150553