kpatch is being used to maintain the remote host's operating system kernel without requiring reboots.

The Trading Technologies Messaging (TTM) running on the remote host is affected by a remote code execution vulnerability due to the lack of validation of user-supplied data prior to copying it to a fixed-length stack-based buffer when processing a remove_park message. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to execute arbitrary code on the system with SYSTEM privileges.

Note that the application is reportedly affected by other vulnerabilities; however, this plugin has not tested for those issues.

IBM Spectrum Protect, formerly known as Tivoli Storage Manager, running on the remote host is version 7.1.x < 7.1.10.100 or 8.1.x < 8.1.9.300. It is, therefore, is vulnerable to a stack-based buffer overflow which could allow an unauthenticated, remote attacker to executive arbitrary code on the system or cause the IBM Spectrum Protect Server to crash.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The IBM Spectrum Protect Plus administrative console running on the remote host is affected by a remote command injection vulnerability due to improper validation of user-supplied data when processing a login HTTP request. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP request, to execute arbitrary code on the system with root privileges.

Note that the application is reportedly affected by other vulnerabilities; however, this plugin has not tested for those issues.

The version of VMware Workstation installed on the remote Windows host is 15.0.x prior to 15.5.2. It is, therefore, affected by multiple vulnerabilities.  Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of VMware Workstation installed on the remote Linux host is 15.x prior to 15.5.2. It is, therefore, affected by multiple vulnernabilities.  Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The IBM Spectrum Protect server or storage agent running on the remote host is affected by a remote code execution vulnerability due to improper invalidation of user-supplied data during communication exchanges. An unauthenticated, remote attacker can exploit this, via a series of specially crafted messages, to execute arbitrary code on the system with instance id privileges or cause the server or storage agent to crash.

SELinux is available on the host and plugin was able to check if it is enabled.

This script attempts to identify the operating system type and version by using a probabilistic variant of SinFP.

This plugin detects if the remote host has any open ports which only support SSLv2. This protocol has been deprecated since 2011 because of security vulnerabilities and most major SSL libraries such as OpenSSL, NSS, Mbed TLS, and wolfSSL do not provide this functionality in their latest versions.

Nessus 8.9 and later no longer supports SSLv2.

The remote host has open SSL/TLS ports which advertise deprecated cipher suites. The ciphers contained in these suites are no longer supported by most major ssl libraries such as OpenSSL, NSS, Mbed TLS, and wolfSSL and, as such, should not be used for secure communication.

Nessus 8.9 and later no longer supports these ciphers.

This plugin enumerates and reports any SSLv2 connections which   were attempted as part of a scan. This protocol has been deemed prohibited since 2011 because of security   vulnerabilities and most major ssl libraries such as openssl, nss, mbed and wolfssl do not provide this functionality   in their latest versions. This protocol has been deprecated in Nessus 8.9 and later.

The version of VMware Workstation installed on the remote Windows host is 15.0.x prior to 15.5.1. It is, therefore, affected by a vulnerability.  Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Query host for the existance and functionality of commands wrapped by the command builder library.

The remote host is affected by an information disclosure vulnerability. The SSL/TLS service supports RSA key exchanges, and incorrectly leaks whether or not the RSA key exchange sent by a client was correctly formatted. This information can allow an attacker to decrypt previous SSL/TLS sessions or impersonate the server.

Note that this plugin does not attempt to recover an RSA ciphertext, however it sends a number of correct and malformed RSA ciphertexts as part of an SSL handshake and observes how the server responds.

This plugin attempts to discover the vulnerability in multiple ways, by not completing the handshake and by completing it incorrectly, as well as using a variety of cipher suites. Only the first method that finds the service to be vulnerable is reported.

This plugin requires report paranoia as some services will report as affected even though the issue is not exploitable.

VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.

The version of VMware Workstation installed on the remote host is 15.0.x prior to 15.5.0. It is, therefore, affected by the following issues:

  - A use-after-free error in the virtual sound device that     allows a local attacker on the guest machine with low     privileges to execute code on the host. (CVE-2019-5527)

  - A denial of service vulnerability caused by improper     handling of some IPv6 packets. An attacker can exploit     this vulnerability to disallow network access for all     guest machines using the VMware NAT mode. To exploit     this vulnerability, the attacker must send specially     crafted IPv6 packets from a guest machine when IPv6 mode     for VMNAT is enabled. (CVE-2019-5535)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Microsoft Visual Studio Code, an integrated development environment software application, is installed on the remote Linux host.

Note: If thorough tests is enabled, this plugin will check for snap installs.

The remote host is missing one or more security patches. This plugin ensures that supersedence has been calculated for all missing patches and stores the supersedence data in the scan report so that recommendations can be made for the latest and least number of patches to install to make sure the remote host is up-to-date.

This script attempts to identify the operating system type and version by looking at the capabilities of the remote Apple AirPlay server.

IBM Spectrum Protect, formerly known as Tivoli Storage Manager, installed on the remote host is version 7.1.x < 7.1.9.300 or 8.1.x < 8.1.8. It is, therefore, affected by multiple IBM Db2 remote code execution and privilege escalation vulnerabilities. These vulnerabilities could allow an attacker to gain system-level access to the affected host.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of the Symantec Endpoint Encryption (SEE) installed on the remote Windows host is prior to 11.3.0. It is, therefore, affected by a two privilege escalation vulnerabilities. An authenticated, local attacker could exploit these vulnerabilities to gain elevated access to the system.

The version of Symantec Encryption Desktop installed on the remote host is affected by two privilege escalation vulnerabilities. A local attacker could exploit these vulnerabilities to gain elevated access to the system.

Only port 62078 is open on the remote host. It's highly likely to be an iPhone or an iPad.

A remote code execution vulnerability exists in the remote SAP Gateway as a result of allowing non-SAP applications to communicate with, and potentially run OS commands on SAP applications. An unauthenticated attacker can run the arbitrary commands on remote server to gain access to the system or to read/write sensitive information

The version of VMware Workstation installed on the remote Linux host is 15.0.x prior to 15.1.0. It is, therefore, affected by a use after free vulnerability in the Advanced Linux Sounds Architecture Backend. An authenticated, local attacker can exploit this, in conjunction with other issues, to execute arbitrary code. 

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of VMware Workstation installed on the remote host is 14.x prior to 14.1.6 or 15.x prior to 15.0.3. It is, therefore, affected by multiple vulnerabilities :

  - An out-of-bounds read vulnerability exists in the vertex     shader component of the 3D-acceleration feature could     allow an authenticated attacker to disclose sensitive     information or cause a denial-of-service of the guest     virtual machine. (CVE-2019-5516)

  - An out-of-bounds read vulnerability exists in the shader     translator component of the 3D-acceleration feature could     allow an authenticated attacker to disclose sensitive     information or cause a denial-of-service of the guest     virtual machine. (CVE-2019-5517)

  - An out-of-bounds read vulnerability in the     3D-acceleration feature could allow an authenticated     attacker to disclose sensitive information.
    (CVE-2019-5520)

Note virtual machines must be configured with the 3D-acceleration enabled. VMware Workstation defaults to this feature being enabled.

The remote service uses an SSL certificate chain that contains a root Certification Authority certificate at the top of the chain that is issued from a distrusted Certification Authority.

The version of VMware Workstation installed on the remote host is 14.x prior to 14.1.4 or 15.x prior to 15.0.1. It is, therefore, affected by multiple vulnerabilities, including:

  - An out-of-bounds read/write vulnerability and a Time-of-check     Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI     (Universal Host Controller Interface). Exploitation of these     issues requires an attacker to have access to a virtual machine     with a virtual USB controller present. These issues may allow a     guest to execute code on the host. (CVE-2019-5518, CVE-2019-5519)

  - An out-of-bounds write vulnerability in the e1000 virtual network     adapter. This issue may allow a guest to execute code on the     host. (CVE-2019-5524)

  - An out-of-bounds write vulnerability in the e1000 and e1000e     virtual network adapters. Exploitation of this issue may lead to     code execution on the host from the guest but it is more likely     to result in a denial of service of the guest. (CVE-2019-5515)

Note that CVE-2019-5524 only applies to VMware Workstation 14.x and was fixed in 14.1.6.

Note that CVE-2019-5515 was fixed in 14.1.6 and 15.0.3.

The version of VMware Workstation installed on the remote host is 14.x prior to 14.1.6 or 15.x prior to 15.0.3. It is, therefore, affected by an elevation of privilege vulnerability in the creation of the VMX process on a windows host.
An attacker with access to a host system may be able to hijack the path to the VMX executable or COM classes used by the VMX process leading to an elevation of privilege vulnerability.

This is a wrapper plugin for ensuring that detection scripts for custom software patching methodologies (outside of yum, dpkg, and similar package management systems) get run prior to the execution of localcheck plugins.

Add additional detection scripts to the script_dependencies attribute.

The CA/Browser Forum has passed a resolution setting the maximum validity period for SSL/TLS subscriber certificates via ballot 193.

Certificates issued after March 1, 2018 may not be valid longer than 825 days.  Certificates issued after July 1, 2016 through March 1, 2018 may not be valid longer than 39 months.  Certificates issued on or before July 1, 2016 may not be valid longer than 60 months.

Long validity periods encourage certificate owners to keep certificates in production that have vulnerabilities associated with weak cryptography and that may be out of compliance with other security guidelines.

Note:  CA/Browser Forum ballot 193 specifies policy based on the day the certificate was issued.  SSL/TLS certificates do not carry an issuance date.  This plugin uses a certificate's 'Not Valid Before' date as a proxy for the date the certificate was issued.

IBM Spectrum Protect, formerly known as Tivoli Storage Manager, installed on the remote host is version 7.1.x < 7.1.8.4 or 8.1.x < 8.1.6.1. It is, therefore, affected by a denial of service (DoS) vulnerability due to the incorrect accumulation of TCP/IP sockets in a CLOSE_WAIT state. An unauthenticated, remote attacker can exploit this issue to cause the process to stop responding.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of VMware Workstation installed on the remote host is 14.x prior to 14.1.5 or 15.x prior to 15.0.2. It is, therefore, affected by an integer overflow vulnerability in the virtual network devices. An attacker with access to a guest system may be able to execute code on the host system by leveraging this vulnerability.

VMware vRealize Log Insight, a virtualization log management application, is installed on the remote host.

The version of VMware Workstation installed on the remote host is 14.x prior to 14.1.1. It is, therefore, affected by denial of service vulnerability which can be triggered by opening a large number of VNC sessions. In order for exploitation to be possible, VNC feature must be manually enabled.

The version of VMware Workstation installed on the remote host is 14.x prior to 14.1.4 or 15.x prior to 15.0.1. It is, therefore, affected by an uninitialized stack memory usage vulnerability in the vmxnet3 network adapter. An attacker with access to a guest system may be able to execute code on the host system by leveraging this vulnerability.

IBM Spectrum Protect, formerly known as Tivoli Storage Manager, installed on the remote host is version 7.1.x < 7.1.9.100 or 8.1.x < 8.1.6. It is, therefore, affected by an information disclosure vulnerability.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of VMware Workstation installed on the remote Linux host is 14.x prior to 14.1.3. It is, therefore, affected by an out-of-bounds read vulnerability in SVGA devices. An attacker with access to a guest system may be able to execute code on the host system by leveraging this vulnerability.

According to the DMI information, the remote host contains hardware manufactured by Super Micro.

Since it is physically accessible through the network, ensure that its configuration matches your organization's security policy.

This plugin parses information from the nessusd.dump log file and reports on errors.

The version of VMware Workstation installed on the remote Linux host is 14.x prior to 14.1.3. It is, therefore, missing a security update that fixes an out-of-bounds write vulnerability.

The version of VMware Player installed on the remote Linux host is 14.x prior to 14.1.3. It is, therefore, missing a security update that fixes an out-of-bounds write vulnerability.

The version of VMware Workstation installed on the remote Linux host is 14.x prior to 14.1.3. It is, therefore, affected by a speculative execution side channel attack known as L1 Terminal Fault (L1TF). An attacker who successfully exploited L1TF may be able to read privileged data across trust boundaries.

Generated report details the running processes on the target machine at scan time.
  This plugin is informative only and could be used for forensic   investigation, malware detection, and to confirm that your system   processes conform to your system policies.

The device may be a point-of-sale (POS) device based on the MAC address Organizationally Unique Identifier (OUI). The manufacturer of the OUI is known to only or primarily produce POS products.

Nessus was able to identify the remote operating system by querying its UPnP web server using SOAP.

Interference from either the network or the host did not allow the scan to fulfill the PCI DSS scan validation requirements. This report is insufficient to certify this server. There may be a firewall, IDS or other software blocking Nessus from scanning.

ID	Name	Severity
138014	kpatch : Installed Patches	Info
137053	Trading Technologies Messaging remove_park Stack Overflow	Critical
136547	IBM Spectrum Protect 7.1.x < 7.1.10.100 / 8.1.x < 8.1.9.300 Stack-based Buffer Overflow	Critical
135852	IBM Spectrum Protect Plus username Command Injection	Critical
134973	VMware Workstation 15.0.x < 15.5.2 Multiple Vulnerabilities (VMSA-2020-0005)	High
134626	VMware Workstation 15.x < 15.5.2 Multiple Vulnerabilities (VMSA-2020-0004) (Linux)	High
134564	IBM Spectrum Protect Server and Storage Agent RCE	Critical
133964	SELinux Status Check	Info
132935	OS Identification: Probabilistic SinFP	Info
132676	SSLv2-Only Open Ports Unsupported	Critical
132675	SSL/TLS Deprecated Ciphers Unsupported	Critical
132634	Deprecated SSLv2 Connection Attempts	Info
132417	VMware Workstation 15.0.x < 15.5.1 Vulnerability (VMSA-2019-0023)	Medium
131290	SSL/TLS Deprecated Ciphers	Info
131286	Command Builder Initialization	Info
131127	SSLv2-Only Open Ports	Info
105415	Return Of Bleichenbacher's Oracle Threat (ROBOT) Information Disclosure	High
130453	VMware Workstation < 15.5.0 Vulnerability (VMSA-2019-0019)	Low
129495	VMware Workstation 15.0.x < 15.5.0 Multiple Vulnerabilities (VMSA-2019-0014)	High
129056	Microsoft Visual Studio Code for Installed (Linux)	Info
128276	Patch Data Finalization	Info
127857	OS Identification : Apple AirPlay	Info
126987	IBM Spectrum Protect 7.1.x < 7.1.9.300 / 8.1.x < 8.1.8 Multiple Vulnerabilities	High
126626	Symantec Endpoint Encryption < 11.3.0 Multiple Vulnerabilities (SYMSA1485)	Medium
126625	Symantec Encryption Desktop Multiple Vulnerabilities (SYMSA1485)	Medium
126588	OS Identification: iPhone or iPad	Info
126003	SAP Gateway 10Kblaze Remote Code Execution Vulnerability.	High
125883	VMware Workstation (Linux) 15.0.x < 15.1.0 Use After Free Vulnerability (VMSA-2019-0009)	High
124298	VMware Workstation 14.x < 14.1.6 / 15.x < 15.0.3 Multiple Vulnerabilities (VMSA-2019-0006)	Medium
124410	SSL Root Certification Authority Distrusted	Medium
123516	VMware Workstation 14.x < 14.1.7 / 15.x < 15.0.4 Multiple Vulnerabilities (VMSA-2019-0005)	High
123002	VMware Workstation 14.x < 14.1.6 / 15.x < 15.0.3 Elevation of Privilege Vulnerability (VMSA-2019-0002)	High
122878	Linux Alternate Patch Detection	Info
121009	SSL Certificate Validity - Duration	Medium
120944	IBM Spectrum Protect Client 7.1.x < 7.1.8.4 / 8.1.x < 8.1.6.1 Denial of Service Vulnerability (CVE-2018-1786)	Medium
119098	VMware Workstation 14.x < 14.1.5 / 15.x < 15.0.2 Virtual Network Integer Overflow Vulnerability (VMSA-2018-0030)	High
119016	VMware vRealize Log Insight Detection (Linux)	Info
118980	VMware Workstation 14.x < 14.1.1 Denial of Service Vulnerability (VMSA-2018-0008)	Low
118883	VMware Workstation 14.x < 14.1.4 / 15.x < 15.0.1 vmxnet3 Guest-to-Host Code Execution Vulnerability (VMSA-2018-0027)	High
118823	IBM Spectrum Protect Server 7.1.x < 7.1.9.100 / 8.1.x < 8.1.6 Information Disclosure Vulnerability	Low
118464	VMware Workstation 14.x < 14.1.3 Out-of-Bounds Read Vulnerability (VMSA-2018-0026) (Linux)	High
118225	Super Micro detection (dmidecode)	Info
117530	Errors in nessusd.dump	Info
111976	VMware Workstation 14.x < 14.1.3 Out-of-Bounds Write (VMSA-2018-0022) (Linux)	High
111975	VMware Player 14.x < 14.1.3 Out-of-Bounds Write (VMSA-2018-022) (Linux)	High
111757	VMware Workstation 14.x < 14.1.3 Speculative Execution Side Channel Vulnerability (Foreshadow) (VMSA-2018-0020) (Linux)	Medium
110483	Unix / Linux Running Processes Information	Info
108719	Point-of-Sale (POS) OUI Detection	Info
108715	OS Identification : UPnP	Info
108714	PCI DSS Compliance : Scan Interference	High

General Family for Nessus