The version of AOS installed on the remote host is prior to 6.5.3.7. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.3.7 advisory.

  - An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting     methods by supplying a URL that starts with blank characters. (CVE-2023-24329)

  - A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations,     impacting the confidentiality and integrity of the guest virtual machine. (CVE-2023-20867)

  - Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility     (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable     Runtime Utility (APR-util) 1.6.1 and prior versions. (CVE-2022-25147)

  - Every `named` instance configured to run as a recursive resolver maintains a cache database holding the     responses to the queries it has recently sent to authoritative servers. The size limit for that cache     database can be configured using the `max-cache-size` statement in the configuration file; it defaults to     90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the     configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets     from the cache, to keep memory use below the configured limit. It has been discovered that the     effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the     resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size`     limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0     through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.
    (CVE-2023-2828)

  - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the     function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The     manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated     identifier of this vulnerability is VDB-211087. (CVE-2022-3564)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18,     17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE,     Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized     creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM     Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to     all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to     Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java     applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java     sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component,     e.g., through a web service which supplies data to the APIs. (CVE-2023-21930)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf,     11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. (CVE-2023-21937)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf,     11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not     apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed     by an administrator). (CVE-2023-21938)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18,     17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability     allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM     Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or     delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This     vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start     applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the     internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using     APIs in the specified Component, e.g., through a web service which supplies data to the APIs.
    (CVE-2023-21939)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18,     17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability     allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE,     Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized     access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. (CVE-2023-21954)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18,     17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE,     Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized     ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM     Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. (CVE-2023-21967)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf,     11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. (CVE-2023-21968)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.3.7)

high Nessus Plugin ID 180586

Version 1.5

Version 1.4

Version 1.4

Version 1.3

Version 1.2

Version 1.2

Version 1.1

Version 1.0

Version 1.5 Mar 5, 2024, 7:01 AM Plugin metadata Plugin Feed: 202403050701
Version 1.4 Nov 18, 2023, 3:18 PM CISA reference Plugin Feed: 202311181518
Version 1.4 Mar 5, 2024, 4:36 AM Plugin metadata Plugin Feed: 202403050436
Version 1.3 Nov 17, 2023, 11:52 PM CVE (set "CVE" coverage to "CVE-2022-25147,CVE-2022-3564,CVE-2023-20867,CVE-2023-21930,CVE-2023-21937,CVE-2023-21938,CVE-2023-21939,CVE-2023-21954,CVE-2023-21967,CVE-2023-21968,CVE-2023-24329,CVE-2023-2828") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Plugin Feed: 202311172352
Version 1.2 Nov 8, 2023, 7:43 PM Detection (updated detection logic) Plugin Feed: 202311081943
Version 1.2 Nov 17, 2023, 9:42 PM CVE (set "CVE" coverage to "CVE-2022-25147,CVE-2022-3564,CVE-2023-20867,CVE-2023-21930,CVE-2023-21937,CVE-2023-21938,CVE-2023-21939,CVE-2023-21954,CVE-2023-21967,CVE-2023-21968,CVE-2023-24329,CVE-2023-2828") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Plugin Feed: 202311172142
Version 1.1 Sep 13, 2023, 2:10 AM CVE (set "CVE" coverage to "CVE-2022-25147,CVE-2023-21930,CVE-2023-21937,CVE-2023-21938,CVE-2023-21939,CVE-2023-21954,CVE-2023-21967,CVE-2023-21968,CVE-2023-24329") CVSS metrics ("CVSSv2 score" changed from 7.1 to 7.8. "CVSSv3 vector" changed from "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N". "CVSSv2 vector" changed from "CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N" to "CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N". "CVSSv3 score" changed from 7.4 to 7.5) CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2023-21930" to "CVE-2023-24329") CVSSv3 score source (set to "CVE-2023-24329") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202309130210
Version 1.0 Sep 7, 2023, 9:48 PM New Plugin Feed: 202309072148