Lucene search
K

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.0.1.6)

🗓️ 26 Jun 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 23 Views

Nutanix AOS prior to 7.0.1.6 has multiple vulnerabilities, including out-of-bounds memory issues.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(240643);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/19");

  script_cve_id(
    "CVE-2024-4032",
    "CVE-2024-5535",
    "CVE-2024-56171",
    "CVE-2024-6345",
    "CVE-2024-6923",
    "CVE-2024-8088",
    "CVE-2024-50379",
    "CVE-2024-54677",
    "CVE-2025-24813",
    "CVE-2025-24928"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2025/04/22");

  script_name(english:"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.0.1.6)");

  script_set_attribute(attribute:"synopsis", value:
"The Nutanix AOS host is affected by multiple vulnerabilities .");
  script_set_attribute(attribute:"description", value:
"The version of AOS installed on the remote host is prior to 7.0.1.6. It is, therefore, affected by multiple
vulnerabilities as referenced in the NXSA-AOS-7.0.1.6 advisory.

  - Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information
    disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache
    Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34,
    from 9.0.0.M1 through 9.0.98. The following versions were EOL at the time the CVE was created but are
    known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. If all of the
    following were true, a malicious user was able to view security sensitive files and/or inject content into
    those files: - writes enabled for the default servlet (disabled by default) - support for partial PUT
    (enabled by default) - a target URL for security sensitive uploads that was a sub-directory of a target
    URL for public uploads - attacker knowledge of the names of security sensitive files being uploaded - the
    security sensitive files also being uploaded via partial PUT If all of the following were true, a
    malicious user was able to perform remote code execution: - writes enabled for the default servlet
    (disabled by default) - support for partial PUT (enabled by default) - application was using Tomcat's file
    based session persistence with the default storage location - application included a library that may be
    leveraged in a deserialization attack Users are recommended to upgrade to version 11.0.3, 10.1.35 or
    9.0.99, which fixes the issue. (CVE-2025-24813)

  - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and
    xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated
    against an XML schema with certain identity constraints, or a crafted XML schema must be used.
    (CVE-2024-56171)

  - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements
    in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE:
    this is similar to CVE-2017-9047. (CVE-2025-24928)

  - The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were
    designated as globally reachable or private. This affected the is_private and is_global properties of
    the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network
    classes, where values wouldn't be returned in accordance with the latest information from the IANA
    Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these
    registries and thus have the intended behavior. (CVE-2024-4032)

  - A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote
    code execution via its download functions. These functions, which are used to download packages from URLs
    provided by users or retrieved from package index servers, are susceptible to code injection. If these
    functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands
    on the system. The issue is fixed in version 70.0. (CVE-2024-6345)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-7.0.1.6
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f016f12a");
  script_set_attribute(attribute:"solution", value:
"Update the Nutanix AOS software to the recommended version. Before upgrading: if this cluster is registered with Prism
Central, ensure that Prism Central has been upgraded first to a compatible version. Refer to the Software Product
Interoperability page on the Nutanix portal.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_supplemental", value:"CVSS:4.0/S:N/AU:N/R:U/RE:L");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:A");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-24813");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2024-8088");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/12/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/06/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:nutanix:aos");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("nutanix_collect.nasl");
  script_require_keys("Host/Nutanix/Data/lts", "Host/Nutanix/Data/Service", "Host/Nutanix/Data/Version", "Host/Nutanix/Data/arch");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

var app_info = vcf::nutanix::get_app_info();

var constraints = [
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.7', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.7.0.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.7.0.6', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.7.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.7.1.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.7.1.6', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.7.1.7', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.7.1.8', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.8', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.8.0.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.8.0.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1.6', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1.7', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1.8', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1.9', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.10', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.10.0.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.10.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.10.1.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.10.1.6', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.10.1.7', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '7.0', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '7.0.0.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '7.0.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '7.0.1.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.7', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.7.0.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.7.0.6', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.7.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.7.1.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.7.1.6', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.7.1.7', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.7.1.8', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.8', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.8.0.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.8.0.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1.6', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1.7', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1.8', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.8.1.9', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.10', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.10.0.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.10.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.10.1.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.10.1.6', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '6.10.1.7', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '7.0', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '7.0.0.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '7.0.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' },
  { 'fixed_version' : '7.0.1.6', 'equal' : '7.0.1.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.6 or higher.' }
];

vcf::nutanix::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_HOLE
);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

19 Apr 2026 00:00Current
8.3High risk
Vulners AI Score8.3
CVSS 3.19.8 - 10
CVSS 38.8
CVSS 48.7
EPSS0.99945
SSVC
23