Detections
Analytics

Oracle Linux 7 : olcne (ELSA-2023-23649)

critical Nessus Plugin ID 176422

Language:

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-23649 advisory.

 - Improper initialization in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable an escalation of privilege via local access. (CVE-2022-27493)

 - A improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of blocked page HTML data to an arbitrary victim via crafted TCP requests, potentially flooding the victim. (CVE-2022-27491)

 - A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests.
 (CVE-2022-27487)

 - Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors. (CVE-2022-27496)

 - An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file. (CVE-2022-27492)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected olcne-extra-modules, olcne-kubevirt-chart and / or olcne-rook-chart packages.

See Also

https://linux.oracle.com/errata/ELSA-2023-23649.html

Plugin Details

Severity: Critical

ID: 176422

File Name: oraclelinux_ELSA-2023-23649.nasl

Version: 1.2

Type: local

Agent: unix

Published: 5/26/2023

Updated: 6/8/2023

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-27488

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:olcne-extra-modules, p-cpe:/a:oracle:linux:olcne-kubevirt-chart, p-cpe:/a:oracle:linux:olcne-rook-chart

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/26/2023

Vulnerability Publication Date: 3/31/2022

Reference Information

CVE: CVE-2023-27487, CVE-2023-27488, CVE-2023-27491, CVE-2023-27492, CVE-2023-27493, CVE-2023-27496