Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.NUTANIX_NXSA-AHV-20220304_420.NASL
HistoryOct 18, 2023 - 12:00 a.m.

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.420)

2023-10-1800:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
nutanix
ahv
vulnerabilities
nxsa-ahv-20220304.420
type confusion
x.400 address
openssl
memory writes
pkcs 12
firefox esr
JSON

The version of AHV installed on the remote host is prior to 20220304.420. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20220304.420 advisory.

  • There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
    X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. (CVE-2023-0286)

  • An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. (CVE-2023-0767)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(183324);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/18");

  script_cve_id("CVE-2023-0286", "CVE-2023-0767");

  script_name(english:"Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.420)");

  script_set_attribute(attribute:"synopsis", value:
"The Nutanix AHV host is affected by multiple vulnerabilities .");
  script_set_attribute(attribute:"description", value:
"The version of AHV installed on the remote host is prior to 20220304.420. It is, therefore, affected by multiple
vulnerabilities as referenced in the NXSA-AHV-20220304.420 advisory.

  - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
    X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME
    incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently
    interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL
    checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may
    allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or
    enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate
    chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these
    inputs, the other input must already contain an X.400 address as a CRL distribution point, which is
    uncommon. As such, this vulnerability is most likely to only affect applications which have implemented
    their own functionality for retrieving CRLs over a network. (CVE-2023-0286)

  - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory
    writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110,
    Thunderbird < 102.8, and Firefox ESR < 102.8. (CVE-2023-0767)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AHV-20220304.420
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b5be0ace");
  script_set_attribute(attribute:"solution", value:
"Update the Nutanix AHV software to recommended version.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-0767");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/02/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/05/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:nutanix:ahv");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("nutanix_collect.nasl");
  script_require_keys("Host/Nutanix/Data/Node/Version", "Host/Nutanix/Data/Node/Type");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

var app_info = vcf::nutanix::get_app_info(node:TRUE);

var constraints = [
  { 'fixed_version' : '20220304.420', 'product' : 'AHV', 'fixed_display' : 'Upgrade the AHV install to 20220304.420 or higher.' }
];

vcf::nutanix::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_HOLE
);
VendorProductVersionCPE
nutanixahvcpe:/o:nutanix:ahv

Related

nessus 66
redhat 21
prion 2
oraclelinux 9
cloudlinux 1
rocky 2
debiancve 2
openvas 25
osv 13
redhatcve 2
rosalinux 2
alpinelinux 2
centos 2
veracode 2
cve 2
amazon 2
ubuntu 3
ibm 12
debian 1
almalinux 2
ubuntucve 2
cvelist 2
hivepro 1
ics 1
cbl_mariner 7
wolfi 1
github 2
githubexploit 1
rustsec 1
cgr 1
openssl 1
freebsd 1
f5 1
photon 2
cloudfoundry 2
nessus
nessus
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.10057)
2023-10-18 00:00:00
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.6.2.5)
2023-05-02 00:00:00
RHEL 8 : nss (RHSA-2023:1406)
2023-03-23 00:00:00
redhat
redhat
(RHSA-2023:1525) Moderate: OpenShift Container Platform 4.9.59 security update
2023-04-05 23:04:04
(RHSA-2023:1366) Important: nss security update
2023-03-21 09:21:07
(RHSA-2023:1365) Important: nss security and bug fix update
2023-03-21 08:11:35
prion
prion
Code injection
2023-06-02 17:15:00
Type confusion
2023-02-08 20:15:00
oraclelinux
oraclelinux
nss security and bug fix update
2023-03-21 00:00:00
nss security update
2023-04-06 00:00:00
nss security update
2023-03-20 00:00:00
cloudlinux
cloudlinux
nss: Fix of CVE-2023-0767
2023-04-12 19:25:45
rocky
rocky
nss security and bug fix update
2023-03-28 13:08:18
nss security update
2023-03-16 15:23:16
debiancve
debiancve
CVE-2023-0767
2023-06-02 17:15:10
CVE-2023-0286
2023-02-08 20:15:24
openvas
openvas
Debian: Security Advisory (DSA-5353-1)
2023-02-18 00:00:00
Ubuntu: Security Advisory (USN-5892-2)
2023-03-07 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0443-1)
2023-02-20 00:00:00
osv
osv
Important: nss security update
2023-03-15 00:00:00
Important: nss security and bug fix update
2023-03-21 00:00:00
Important: nss security and bug fix update
2023-03-28 13:08:18
redhatcve
redhatcve
CVE-2023-0767
2023-02-16 09:29:19
CVE-2023-0286
2023-02-07 17:30:51
rosalinux
rosalinux
Advisory ROSA-SA-2023-2165
2023-05-28 09:04:05
Advisory ROSA-SA-2023-2152
2023-04-11 14:23:07
alpinelinux
alpinelinux
CVE-2023-0767
2023-06-02 17:15:10
CVE-2023-0286
2023-02-08 20:15:24
centos
centos
nss security update
2023-03-22 14:03:02
openssl security update
2023-03-22 14:01:44
veracode
veracode
Arbitrary Memory Write
2023-03-06 20:47:41
Type Confusion
2023-02-09 20:56:17
cve
cve
CVE-2023-0767
2023-06-02 17:15:10
CVE-2023-0286
2023-02-08 20:15:24
amazon
amazon
Important: nss
2023-04-27 16:19:00
Important: nss
2023-03-17 16:34:00
ubuntu
ubuntu
NSS vulnerability
2023-03-06 00:00:00
NSS vulnerabilities
2023-02-27 00:00:00
OpenSSL vulnerabilities
2023-02-07 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Mozilla Network Security Services (NSS) arbitrary code execution vulnerability( CVE-2023-0767)
2023-07-06 18:01:55
Security Bulletin: Vulnerability in cryptography affects IBM Cloud Pak for Data System 1.0(CPDS 1.0) [CVE-2023-0286]
2023-04-04 06:36:31
Security Bulletin: CVE-2023-0286 may affect IBM CICS TX Advanced 10.1
2023-05-09 17:32:10
debian
debian
[SECURITY] [DSA 5353-1] nss security update
2023-02-17 22:31:59
almalinux
almalinux
Important: nss security update
2023-03-15 00:00:00
Important: nss security and bug fix update
2023-03-21 00:00:00
ubuntucve
ubuntucve
CVE-2023-0767
2023-02-15 00:00:00
CVE-2023-0286
2023-02-07 00:00:00
cvelist
cvelist
CVE-2023-0767
2023-06-02 00:00:00
CVE-2023-0286 X.400 address type confusion in X.509 GeneralName
2023-02-08 19:01:50
hivepro
hivepro
OpenSSL Releases Update to Address Several High-Severity Vulnerabilities
2023-02-10 12:55:54
ics
ics
Siemens Address Processing in SIMATIC
2023-08-10 12:00:00
cbl_mariner
cbl_mariner
CVE-2023-0286 affecting package cloud-hypervisor for versions less than 30.0-2
2023-04-16 02:55:47
CVE-2023-0286 affecting package reaper 3.1.1-6
2024-05-19 21:07:24
CVE-2023-0286 affecting package cloud-hypervisor 22.0-2
2024-05-19 21:07:20
wolfi
wolfi
CVE-2023-0286 vulnerabilities
2024-05-19 21:07:17
github
github
Vulnerable OpenSSL included in sgx-dcap-quote-verify-python
2023-02-14 00:30:22
Vulnerable OpenSSL included in cryptography wheels
2023-02-08 22:17:06
githubexploit
githubexploit
Exploit for Type Confusion in Openssl
2023-03-21 04:57:37
rustsec
rustsec
X.400 address type confusion in X.509 `GeneralName`
2023-02-07 12:00:00
cgr
cgr
CVE-2023-0286 vulnerabilities
2024-05-19 03:07:16
openssl
openssl
Vulnerability in OpenSSL CVE-2023-0286
2023-02-07 00:00:00
freebsd
freebsd
py-cryptography -- includes a vulnerable copy of OpenSSL
2023-02-08 00:00:00
f5
f5
K000132941 : OpenSSL vulnerability CVE-2023-0286
2023-03-13 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-5.0-0190
2024-01-14 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0549
2024-01-14 00:00:00
cloudfoundry
cloudfoundry
USN-5892-1: NSS vulnerabilities | Cloud Foundry
2023-06-30 00:00:00
USN-5845-1: OpenSSL vulnerabilities | Cloud Foundry
2023-02-24 00:00:00
JSON
Related for NUTANIX_NXSA-AHV-20220304_420.NASL
nessus66redhat21prion2oraclelinux9cloudlinux1rocky2debiancve2openvas25osv13redhatcve2rosalinux2alpinelinux2centos2veracode2cve2amazon2ubuntu3ibm12debian1almalinux2ubuntucve2cvelist2hivepro1ics1cbl_mariner7wolfi1github2githubexploit1rustsec1cgr1openssl1freebsd1f51photon2cloudfoundry2