Detections
Analytics

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.103068)

critical Nessus Plugin ID 258028

Synopsis

The Nutanix AHV host is affected by multiple vulnerabilities .

Description

The version of AHV installed on the remote host is prior to 20230302.103068. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.103068 advisory.

 - The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14.
 Processing web content may disclose sensitive information. (CVE-2023-40403)

 - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines. (CVE-2025-32462)

 - A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. (CVE-2025-6020)

 - Allows modifying some file metadata (e.g. last modified) with filter=data or file permissions (chmod) with filter=tar of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of data or tar. See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from no filtering to `data, so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links. (CVE-2024-12718)

 - Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of data or tar. See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from no filtering to `data, so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links. (CVE-2025-4138, CVE-2025-4330)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the Nutanix AHV software to the recommended version. Before upgrading: if this cluster is registered with Prism Central, ensure that Prism Central has been upgraded first to a compatible version. Refer to the Software Product Interoperability page on the Nutanix portal.

See Also

http://www.nessus.org/u?0b175ef1

Plugin Details

Severity: Critical

ID: 258028

File Name: nutanix_NXSA-AHV-20230302_103068.nasl

Version: 1.1

Type: local

Family: Misc.

Published: 8/27/2025

Updated: 8/27/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2023-40403

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2025-32462

CVSS v4

Risk Factor: Critical

Base Score: 10

Threat Score: 9.3

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CVSS Score Source: CVE-2024-12718

Vulnerability Information

CPE: cpe:/o:nutanix:ahv

Required KB Items: Host/Nutanix/Data/Node/Version, Host/Nutanix/Data/Node/Type

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/26/2025

Vulnerability Publication Date: 9/26/2023

Reference Information

CVE: CVE-2023-40403, CVE-2024-12718, CVE-2025-32462, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517, CVE-2025-4802, CVE-2025-6020