ESXi 5.0 / 5.1 / 5.5 / 6.0 Multiple Vulnerabilities (VMSA-2016-0010) (remote check)

Medium Nessus Plugin ID 92949


The remote VMware ESXi host is affected by multiple vulnerabilities.


The remote VMware ESXi host is version 5.0, 5.1, 5.5, or 6.0 and is missing a security patch. It is, therefore, affected by multiple vulnerabilities :

- An arbitrary code execution vulnerability exists in the Shared Folders (HGFS) feature due to improper loading of Dynamic-link library (DLL) files from insecure paths, including the current working directory, which may not be under user control. A remote attacker can exploit this vulnerability, by placing a malicious DLL in the path or by convincing a user into opening a file on a network share, to inject and execute arbitrary code in the context of the current user. (CVE-2016-5330)

- An HTTP header injection vulnerability exists due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.


Apply the appropriate patch as referenced in the vendor advisory.

Note that VMware Tools on Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate CVE-2016-5330.

See Also

Plugin Details

Severity: Medium

ID: 92949

File Name: vmware_VMSA-2016-0010_remote.nasl

Version: $Revision: 1.6 $

Type: remote

Family: Misc.

Published: 2016/08/12

Modified: 2017/05/05

Dependencies: 57396

Risk Information

Risk Factor: Medium


Base Score: 6.9

Temporal Score: 5.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


Base Score: 7.3

Temporal Score: 6.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/o:vmware:esxi

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/03/15

Vulnerability Publication Date: 2016/03/15

Exploitable With

Metasploit (DLL Side Loading Vulnerability in VMware Host Guest Client Redirector)

Reference Information

CVE: CVE-2016-5330, CVE-2016-5331

BID: 92323, 92324

OSVDB: 142633, 142634

VMSA: 2016-0010

IAVB: 2016-B-0124, 2016-B-0125, 2016-B-0126, 2016-B-0127