The version of AOS installed on the remote host is prior to 6.5.6.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.6.5 advisory.

  - Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote     attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the     KeyTrap issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the     protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG     records. (CVE-2023-50387)

  - The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to     it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to     crash an application or overwrite a neighbouring variable. (CVE-2024-2961)

  - nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size     cache is exhausted by client requests then a subsequent client request for netgroup data may result in a     stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This     vulnerability is only present in the nscd binary. (CVE-2024-33599)

  - nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails     to add a not-found netgroup response to the cache, the client request can result in a null pointer     dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability     is only present in the nscd binary. (CVE-2024-33600)

  - nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's     (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a     memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in     glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
    (CVE-2024-33601)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.6.5)

high Nessus Plugin ID 204958

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.4 Jan 14, 2025, 1:29 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202501140129
Version 1.3 Oct 21, 2024, 9:27 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit framework metasploit" set to "True") Plugin Feed: 202410210927
Version 1.2 Aug 20, 2024, 9:39 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202408200939
Version 1.1 Aug 1, 2024, 10:15 PM New Plugin Feed: 202408012215