CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
AI Score
Confidence
Low
The version of VMware ESXi installed on the remote host is prior to 7.0 Update 3q or 8.0 prior to 8.0 Update 3. It is, therefore, affected by an out-of-bounds read vulnerability as referenced in the VMSA-2024-0013 advisory:
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(201125);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/07/01");
script_cve_id("CVE-2024-37086");
script_xref(name:"VMSA", value:"2024-0013");
script_xref(name:"IAVA", value:"2024-A-0373");
script_name(english:"VMware ESXi 7.0 / 8.0 Out-of-Bounds read (CVE-2024-37086)");
script_set_attribute(attribute:"synopsis", value:
"The remote VMware ESXi host is affected by a out-of-bounds read vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of VMware ESXi installed on the remote host is prior to 7.0 Update 3q or 8.0 prior to 8.0 Update 3. It is,
therefore, affected by an out-of-bounds read vulnerability as referenced in the VMSA-2024-0013 advisory:
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?04fbf245");
script_set_attribute(attribute:"solution", value:
"Upgrade to VMware ESXi 7.0 Update 3p, 8.0 Update 1d, or 8.0 Update 2b or later.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-37086");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/06/25");
script_set_attribute(attribute:"patch_publication_date", value:"2024/06/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/28");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("vmware_vsphere_detect.nbin");
script_require_keys("Host/VMware/release", "Host/VMware/vsphere");
exit(0);
}
var fixes = make_array(
'7.0.0', 23794019,
'7.0.1', 23794019,
'7.0.2', 23794019,
'7.0.3', 23794019,
'8.0.0', 24022510,
'8.0.1', 24022510,
'8.0.2', 24022510,
'8.0.3', 24022510
);
var fixed_display = make_array(
'7.0.0', '7.0U3q 23794019',
'7.0.1', '7.0U3q 23794019',
'7.0.2', '7.0U3q 23794019',
'7.0.3', '7.0U3q 23794019',
'8.0.0', '8.0U3 24022510',
'8.0.1', '8.0U3 24022510',
'8.0.2', '8.0U3 24022510',
'8.0.3', '8.0U3 24022510'
);
var rel = get_kb_item_or_exit('Host/VMware/release');
if ('ESXi' >!< rel) audit(AUDIT_OS_NOT, 'ESXi');
var port = get_kb_item_or_exit('Host/VMware/vsphere');
var match = pregmatch(pattern:"^VMware ESXi?o? ([0-9]+\.[0-9]+\.[0-9]+)", string:rel);
if (isnull(match)) audit(AUDIT_UNKNOWN_BUILD, 'VMware ESXi', '7.0 / 8.0');
var ver = match[1];
if (ver !~ "^((7|8)\.0)") audit(AUDIT_OS_NOT, 'ESXi 7.0 / 8.0');
var fixed_build = fixes[ver];
if (empty_or_null(fixed_build)) audit(AUDIT_INST_VER_NOT_VULN, 'VMware ESXi', ver);
match = pregmatch(pattern:"^VMware ESXi?o?.*build-([0-9]+)$", string:rel);
if (isnull(match)) audit(AUDIT_UNKNOWN_BUILD, 'VMware ESXi', '7.0 / 8.0');
var build = int(match[1]);
if (build >= fixed_build) audit(AUDIT_INST_VER_NOT_VULN, 'VMware ESXi', ver + ' build ' + build);
var report = '\n ESXi version : ' + rel +
'\n Installed build : ' + build +
'\n Fixed build : ' + fixed_display[ver] +
'\n';
security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
AI Score
Confidence
Low