The version of amazon-ssm-agent installed on the remote host is prior to 3.2.1705.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1866 advisory.

    2023-10-30: CVE-2023-24540 was added to this advisory.

    The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an     attacker to panic an SSH server. (CVE-2021-43565)

    http2/hpack: avoid quadratic complexity in hpack decoding (CVE-2022-41723)

    Templates did not properly consider backticks (`) as Javascript string delimiters, and as such didnot     escape them as expected. Backticks are used, since ES6, for JS template literals. If a templatecontained a     Go template action within a Javascript template literal, the contents of the action couldbe used to     terminate the literal, injecting arbitrary Javascript code into the Go template. (CVE-2023-24538)

    html/template: improper handling of JavaScript whitespace.

    Not all valid JavaScript whitespace characters were considered to be whitespace. Templates containing     whitespace characters outside of the character set \t\n\f\r\u0020\u2028\u2029 in JavaScript contexts     that also contain actions may not be properly sanitized during execution. (CVE-2023-24540)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux AMI : amazon-ssm-agent (ALAS-2023-1866)

critical Nessus Plugin ID 183853

Version 1.2

Version 1.1

Version 1.0

Version 1.2 Dec 12, 2024, 9:55 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202412120955
Version 1.1 Oct 31, 2023, 3:59 PM CVE (set "CVE" coverage to "CVE-2021-43565,CVE-2022-41723,CVE-2023-24538,CVE-2023-24540") CVSSv2 score source (changed from "CVE-2023-24538" to "CVE-2023-24540") Exploit attributes ("Exploit available" set to "False") Plugin metadata Plugin Feed: 202310311559
Version 1.0 Oct 25, 2023, 10:05 AM New Plugin Feed: 202310251005