The version of AOS installed on the remote host is prior to 5.20. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.20 advisory.

  - encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write     access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character     sequence. (CVE-2021-26937)

  - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java     SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;
    Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to     exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to     compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human     interaction from a person other than the attacker. Successful attacks of this vulnerability can result in     unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded,     Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments     that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox     for security. (CVE-2021-2163)

  - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow     unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
    (CVE-2017-5715)

  - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized     disclosure of information to an attacker with local user access via a side-channel analysis.
    (CVE-2017-5753)

  - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow     unauthorized disclosure of information to an attacker with local user access via a side-channel analysis     of the data cache. (CVE-2017-5754)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20)

critical Nessus Plugin ID 164557

Version 1.10