Detections
Analytics

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.3.1)

high Nessus Plugin ID 269907

Language:

Synopsis

The Nutanix AOS host is affected by multiple vulnerabilities .

Description

The version of AOS installed on the remote host is prior to 7.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.3.1 advisory.

 - LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states only a few specific / uncommon usages of the API are at risk.
 (CVE-2019-17543)

 - There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. (CVE-2025-6965)

 - A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. (CVE-2025-6020)

 - Allows modifying some file metadata (e.g. last modified) with filter=data or file permissions (chmod) with filter=tar of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of data or tar. See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from no filtering to `data, so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links. (CVE-2024-12718)

 - Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of data or tar. See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from no filtering to `data, so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links. (CVE-2025-4138, CVE-2025-4330)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the Nutanix AOS software to the recommended version. Before upgrading: if this cluster is registered with Prism Central, ensure that Prism Central has been upgraded first to a compatible version. Refer to the Software Product Interoperability page on the Nutanix portal.

See Also

http://www.nessus.org/u?111be1bd

Plugin Details

Severity: High

ID: 269907

File Name: nutanix_NXSA-AOS-7_3_1.nasl

Version: 1.5

Type: local

Family: Misc.

Published: 10/9/2025

Updated: 10/30/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-17543

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2025-6965

CVSS v4

Risk Factor: High

Base Score: 8.7

Threat Score: 7.7

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2025-47273

Vulnerability Information

CPE: cpe:/o:nutanix:aos

Required KB Items: Host/Nutanix/Data/lts, Host/Nutanix/Data/Service, Host/Nutanix/Data/Version, Host/Nutanix/Data/arch

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/9/2025

Vulnerability Publication Date: 12/4/2016

Reference Information

CVE: CVE-2016-9840, CVE-2019-17543, CVE-2023-40403, CVE-2024-12718, CVE-2024-22259, CVE-2024-34397, CVE-2024-47081, CVE-2024-52533, CVE-2024-53920, CVE-2025-22871, CVE-2025-30749, CVE-2025-30754, CVE-2025-30761, CVE-2025-31650, CVE-2025-31651, CVE-2025-32414, CVE-2025-32415, CVE-2025-32462, CVE-2025-3576, CVE-2025-40909, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4517, CVE-2025-46701, CVE-2025-47273, CVE-2025-4802, CVE-2025-48976, CVE-2025-48988, CVE-2025-48989, CVE-2025-49124, CVE-2025-49125, CVE-2025-49794, CVE-2025-49796, CVE-2025-50106, CVE-2025-52434, CVE-2025-52520, CVE-2025-53506, CVE-2025-6020, CVE-2025-6021, CVE-2025-6965, CVE-2025-7425, CVE-2025-8058