Detections
Analytics

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.3)

critical Nessus Plugin ID 175818

Language:

Synopsis

The Nutanix AOS host is affected by multiple vulnerabilities .

Description

The version of AOS installed on the remote host is prior to 6.5.3. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.3 advisory.

 - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)

 - zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). (CVE-2022-37434)

 - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
 (CVE-2022-42703)

 - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)

 - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf;
 Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
 Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2023-21830)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the Nutanix AOS software to the recommended version. Before upgrading: if this cluster is registered with Prism Central, ensure that Prism Central has been upgraded first to a compatible version. Refer to the Software Product Interoperability page on the Nutanix portal.

See Also

http://www.nessus.org/u?a57e738f

Plugin Details

Severity: Critical

ID: 175818

File Name: nutanix_NXSA-AOS-6_5_3.nasl

Version: 1.7

Type: local

Family: Misc.

Published: 5/16/2023

Updated: 2/17/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-32250

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2022-37434

CVSS v4

Risk Factor: Critical

Base Score: 9.3

Threat Score: 9.3

Threat Vector: CVSS:4.0/E:A

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2023-0286

Vulnerability Information

CPE: cpe:/o:nutanix:aos

Required KB Items: Host/Nutanix/Data/lts, Host/Nutanix/Data/Service, Host/Nutanix/Data/Version, Host/Nutanix/Data/arch

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/16/2023

Vulnerability Publication Date: 3/7/2022

Exploitable With

Metasploit (Sudoedit Extra Arguments Priv Esc)

Reference Information

CVE: CVE-2021-25220, CVE-2021-26401, CVE-2022-24903, CVE-2022-2795, CVE-2022-28733, CVE-2022-2964, CVE-2022-32250, CVE-2022-37434, CVE-2022-42703, CVE-2022-4378, CVE-2023-0286, CVE-2023-0767, CVE-2023-21830, CVE-2023-21843, CVE-2023-22809