The version of AOS installed on the remote host is prior to 5.20.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.20.1 advisory.

  - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java     SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;
    Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to     exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to     compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human     interaction from a person other than the attacker. Successful attacks of this vulnerability can result in     unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded,     Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments     that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox     for security. (CVE-2021-2163)

  - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine     the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI     subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at     /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in     drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the     pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)

  - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is     adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)

  - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have     appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can     send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a     Netlink message. (CVE-2021-27365)

  - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java     SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;
    Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to     exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to     compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this     vulnerability can result in unauthorized creation, deletion or modification access to critical data or all     Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability     applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and     rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the     specified Component. (CVE-2021-2161)

  - encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write     access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character     sequence. (CVE-2021-26937)

  - A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions     (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being     called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to     force an invalid signature, causing an assertion failure or possible validation. The highest threat to     this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-20305)

  - In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 ->     9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND     9.17 development branch, when a vulnerable version of named receives a query for a record triggering the     flaw described above, the named process will terminate due to a failed assertion check. The vulnerability     affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other     versions of BIND 9. (CVE-2021-25215)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20.1)

critical Nessus Plugin ID 164592

Version 1.7

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.7 Dec 8, 2023, 5:55 PM Plugin metadata Detection (updated detection logic) Plugin Feed: 202312081755
Version 1.6 Oct 13, 2023, 5:16 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") CVSSv3 score source (set to "CVE-2021-26937") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202310131716
Version 1.5 Feb 23, 2023, 6:16 PM Plugin metadata Plugin Feed: 202302231816
Version 1.4 Feb 3, 2023, 2:05 PM Regenerated based on advisory update Plugin Feed: 202302031405
Version 1.3 Dec 6, 2022, 4:40 AM Reference Plugin Feed: 202212060440