#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(240643);
script_version("1.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/19");
script_cve_id(
"CVE-2024-4032",
"CVE-2024-5535",
"CVE-2024-56171",
"CVE-2024-6345",
"CVE-2024-6923",
"CVE-2024-8088",
"CVE-2024-50379",
"CVE-2024-54677",
"CVE-2025-24813",
"CVE-2025-24928"
);
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2025/04/22");
script_name(english:"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.0.1.6)");
script_set_attribute(attribute:"synopsis", value:
"The Nutanix AOS host is affected by multiple vulnerabilities .");
script_set_attribute(attribute:"description", value:
"The version of AOS installed on the remote host is prior to 7.0.1.6. It is, therefore, affected by multiple
vulnerabilities as referenced in the NXSA-AOS-7.0.1.6 advisory.
- Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information
disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache
Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34,
from 9.0.0.M1 through 9.0.98. The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. If all of the
following were true, a malicious user was able to view security sensitive files and/or inject content into
those files: - writes enabled for the default servlet (disabled by default) - support for partial PUT
(enabled by default) - a target URL for security sensitive uploads that was a sub-directory of a target
URL for public uploads - attacker knowledge of the names of security sensitive files being uploaded - the
security sensitive files also being uploaded via partial PUT If all of the following were true, a
malicious user was able to perform remote code execution: - writes enabled for the default servlet
(disabled by default) - support for partial PUT (enabled by default) - application was using Tomcat's file
based session persistence with the default storage location - application included a library that may be
leveraged in a deserialization attack Users are recommended to upgrade to version 11.0.3, 10.1.35 or
9.0.99, which fixes the issue. (CVE-2025-24813)
- libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and
xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated
against an XML schema with certain identity constraints, or a crafted XML schema must be used.
(CVE-2024-56171)
- libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements
in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE:
this is similar to CVE-2017-9047. (CVE-2025-24928)
- The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were
designated as globally reachable or private. This affected the is_private and is_global properties of
the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network
classes, where values wouldn't be returned in accordance with the latest information from the IANA
Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these
registries and thus have the intended behavior. (CVE-2024-4032)
- A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote
code execution via its download functions. These functions, which are used to download packages from URLs
provided by users or retrieved from package index servers, are susceptible to code injection. If these
functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands
on the system. The issue is fixed in version 70.0. (CVE-2024-6345)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-7.0.1.6
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f016f12a");
script_set_attribute(attribute:"solution", value:
"Update the Nutanix AOS software to the recommended version. Before upgrading: if this cluster is registered with Prism
Central, ensure that Prism Central has been upgraded first to a compatible version. Refer to the Software Product
Interoperability page on the Nutanix portal.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N");
script_set_attribute(attribute:"cvss4_supplemental", value:"CVSS:4.0/S:N/AU:N/R:U/RE:L");
script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:A");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-24813");
script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2024-8088");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/12/12");
script_set_attribute(attribute:"patch_publication_date", value:"2025/06/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/26");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:nutanix:aos");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("nutanix_collect.nasl");
script_require_keys("Host/Nutanix/Data/lts", "Host/Nutanix/Data/Service", "Host/Nutanix/Data/Version", "Host/Nutanix/Data/arch");
exit(0);
}
include('vcf.inc');
include('vcf_extras.inc');
var app_info = vcf::nutanix::get_app_info();
var constraints = [
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.7', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.7.0.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.7.0.6', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.7.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.7.1.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.7.1.6', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.7.1.7', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.7.1.8', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.8', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.8.0.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.8.0.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1.6', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1.7', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1.8', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1.9', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.10', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.10.0.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.10.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.10.1.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.10.1.6', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.10.1.7', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '7.0', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '7.0.0.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '7.0.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '7.0.1.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.7', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.7.0.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.7.0.6', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.7.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.7.1.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.7.1.6', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.7.1.7', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.7.1.8', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.8', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.8.0.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.8.0.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1.6', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1.7', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1.8', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1.9', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.10', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.10.0.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.10.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.10.1.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.10.1.6', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '6.10.1.7', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '7.0', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '7.0.0.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '7.0.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
{ 'fixed_version' : '7.0.1.6', 'equal' : '7.0.1.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' }
];
vcf::nutanix::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation