Detections
Analytics

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20.4)

critical Nessus Plugin ID 164601

Language:

Synopsis

The Nutanix AOS host is affected by multiple vulnerabilities .

Description

The version of AOS installed on the remote host is prior to 5.20.4. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.20.4 advisory.

 - In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. (CVE-2022-25315)

 - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (CVE-2022-23307)

 - NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
 (CVE-2021-43527)

 - AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. (CVE-2021-45417)

 - It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non- default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
 (CVE-2021-45046)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the Nutanix AOS software to the recommended version. Before upgrading: if this cluster is registered with Prism Central, ensure that Prism Central has been upgraded first to a compatible version. Refer to the Software Product Interoperability page on the Nutanix portal.

See Also

http://www.nessus.org/u?ace96a74

Plugin Details

Severity: Critical

ID: 164601

File Name: nutanix_NXSA-AOS-5_20_4.nasl

Version: 1.22

Type: local

Family: Misc.

Published: 9/1/2022

Updated: 2/17/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.8

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-23307

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2022-25315

Vulnerability Information

CPE: cpe:/o:nutanix:aos

Required KB Items: Host/Nutanix/Data/lts, Host/Nutanix/Data/Service, Host/Nutanix/Data/Version, Host/Nutanix/Data/arch

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/6/2022

Vulnerability Publication Date: 12/20/2019

CISA Known Exploited Vulnerability Due Dates: 6/13/2022, 7/18/2022, 5/22/2023

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (vmwgfx Driver File Descriptor Handling Priv Esc)

Reference Information

CVE: CVE-2019-17571, CVE-2020-0465, CVE-2020-0466, CVE-2020-25704, CVE-2020-25709, CVE-2020-25710, CVE-2020-36322, CVE-2020-36385, CVE-2020-9484, CVE-2020-9488, CVE-2021-0920, CVE-2021-20271, CVE-2021-21996, CVE-2021-26691, CVE-2021-34798, CVE-2021-3564, CVE-2021-3573, CVE-2021-3752, CVE-2021-39275, CVE-2021-4034, CVE-2021-4155, CVE-2021-41617, CVE-2021-42739, CVE-2021-43527, CVE-2021-44790, CVE-2021-45046, CVE-2021-45105, CVE-2021-45417, CVE-2021-45960, CVE-2021-46143, CVE-2022-0330, CVE-2022-0778, CVE-2022-21248, CVE-2022-21277, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21349, CVE-2022-21360, CVE-2022-21365, CVE-2022-21366, CVE-2022-22720, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-22942, CVE-2022-23181, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307, CVE-2022-23852, CVE-2022-24407, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315