The version of AOS installed on the remote host is prior to 5.17.1.3. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.17.1.3 advisory.

  - An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function     allocate_trace_buffer in the file kernel/trace/trace.c. (CVE-2017-18595)

  - In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in     kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-     buffer). (CVE-2019-19768)

  - A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7.
    This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into     the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO     restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate     that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer     dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network     user to crash the system kernel, resulting in a denial of service. (CVE-2020-10711)

  - ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated     synchronization via a server mode packet with a spoofed source IP address, because transmissions are     rescheduled even when a packet lacks a valid origin timestamp. (CVE-2020-11868)

  - An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-     daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local     attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use     this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus     clients. (CVE-2020-12049)

  - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory     space. (CVE-2020-12888)

  - ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service     (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The     victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can     query time from the victim's ntpd instance. (CVE-2020-13817)

  - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported     versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to     exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to     compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized     update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as     unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client     and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start     applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the     specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as     through a web service. (CVE-2020-14556)

  - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported     versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251.
    Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to     compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized     read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server     deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and     sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component     without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web     service. (CVE-2020-14577)

  - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported     versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to     cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and     server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start     applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the     specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as     through a web service. (CVE-2020-14578, CVE-2020-14579)

  - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported     versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251.
    Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple     protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a     person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may     significantly impact additional products. Successful attacks of this vulnerability can result in takeover     of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients     running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code     (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability     does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code     installed by an administrator). (CVE-2020-14583)

  - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported     versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily     exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to     compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other     than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly     impact additional products. Successful attacks of this vulnerability can result in unauthorized creation,     deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note:
    This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start     applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the     internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java     deployments, typically in servers, that load and run only trusted code (e.g., code installed by an     administrator). (CVE-2020-14593)

  - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported     versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily     exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to     compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized     update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This     vulnerability can only be exploited by supplying data to APIs in the specified Component without using     Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.
    (CVE-2020-14621)

  - When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to     9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one     request to another meaning user A and user B could both see the results of user A's request.
    (CVE-2021-25122)

  - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to     9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be     used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published     prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to     this issue. (CVE-2021-25329)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.17.1.3)

high Nessus Plugin ID 164604

Version 1.5

Version 1.4

Version 1.3

Version 1.5 Nov 26, 2024, 10:00 AM CVSS metrics ("CVSSv3 score" set to 7.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H") CVSSv3 score source (changed from "CVE-2020-14583" to none) Plugin Feed: 202411261000
Version 1.4 Oct 13, 2023, 5:16 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202310131716
Version 1.3 Feb 23, 2023, 6:16 PM Plugin metadata Plugin Feed: 202302231816