VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0015) (remote check)
medium Nessus Plugin ID 89670
Language:
New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.
VPR Score: 5.9
Synopsis
The remote VMware ESX / ESXi host is missing a security-related patch.Description
The remote VMware ESX / ESXi host is missing a security-related patch.It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries :
- Kernel
- Netscape Portable Runtime (NSPR)
- Network Security Services (NSS)
Solution
Apply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 / 4.1.See Also
https://www.vmware.com/security/advisories/VMSA-2013-0015.html
Plugin Details
Severity: Medium
ID: 89670
File Name: vmware_esx_VMSA-2013-0015_remote.nasl
Version: 1.4
Type: remote
Family: Misc.
Published: 3/4/2016
Updated: 11/15/2018
Dependencies: vmware_vsphere_detect.nbin
Risk Information
Risk Factor: Medium
VPR Score: 5.9
CVSS v2.0
Base Score: 6.9
Temporal Score: 5.1
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Temporal Vector: E:U/RL:OF/RC:C
Vulnerability Information
CPE: cpe:/o:vmware:esx
Required KB Items: Host/VMware/version, Host/VMware/release
Exploit Ease: No known exploits are available
Patch Publication Date: 12/5/2013
Vulnerability Publication Date: 6/18/2012
Reference Information
CVE: CVE-2012-2372, CVE-2012-3552, CVE-2013-0791, CVE-2013-1620, CVE-2013-2147, CVE-2013-2164, CVE-2013-2206, CVE-2013-2224, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237
BID: 54062, 55359, 57777, 58826, 60280, 60375, 60715, 60858, 60874, 60893, 60953
VMSA: 2013-0015