10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.133 Low
EPSS
Percentile
95.6%
The version of XZ Utils installed on the remote host is potentially affected by a backdoor vulnerability.
Note: This plugin is paranoid because not all instances of the affected versions of XZ Utils are known to be vulnerable to the backdoor. The method of installation of XZ Utils plays a role in whether the install is vulnerable or not. However, multiple vendors have rolled out remediation fixes as a precaution.
Nessus has not tested for this issue but has instead relied only on the applicationβs self-reported version number.
As this detection can lead to potential false positives, it is recommended that manual verification of identified instances be performed.
For more information, refer to https://www.tenable.com/blog/frequently-asked-questions-cve-2024-3094-supply-chain-backdoor-in-xz-utils
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(192737);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/07");
script_cve_id("CVE-2024-3094");
script_xref(name:"IAVA", value:"2024-A-0327");
script_name(english:"XZ Utils 5.6.0 / 5.6.1 Liblzma Backdoor Check");
script_set_attribute(attribute:"synopsis", value:
"The version of XZ Utils installed on the remote host is affected by a backdoor vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of XZ Utils installed on the remote host is potentially affected by a backdoor vulnerability.
Note: This plugin is paranoid because not all instances of the affected versions of XZ Utils are
known to be vulnerable to the backdoor. The method of installation of XZ Utils plays a role in whether
the install is vulnerable or not. However, multiple vendors have rolled out remediation
fixes as a precaution.
Nessus has not tested for this issue but has instead relied only on the application's
self-reported version number.
As this detection can lead to potential false positives, it is recommended that manual
verification of identified instances be performed.
For more information, refer to https://www.tenable.com/blog/frequently-asked-questions-cve-2024-3094-supply-chain-backdoor-in-xz-utils");
# https://www.tenable.com/blog/frequently-asked-questions-cve-2024-3094-supply-chain-backdoor-in-xz-utils
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ff42ccd0");
# https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?14f3969d");
# https://community.tenable.com/s/article/How-does-Show-potential-false-alarms-impact-a-scan-scanning-in-paranoid-mode?language=en_US
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?179ce062");
script_set_attribute(attribute:"solution", value:
"See vendor advisory.");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-3094");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/03/29");
script_set_attribute(attribute:"patch_publication_date", value:"2024/03/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/01");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:xz-utils");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("xz_utils_nix_installed.nbin");
script_require_keys("installed_sw/XZ Utils", "Settings/ParanoidReport");
exit(0);
}
include('vcf.inc');
var app = 'XZ Utils';
if (report_paranoia < 2) audit(AUDIT_PARANOID);
var app_info = vcf::get_app_info(app:app);
var constraints = [
{ 'min_version' : '5.6.0', 'max_version' : '5.6.1', 'fixed_display' : 'See vendor advisory.'}
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);
Vendor | Product | Version | CPE |
---|---|---|---|
xz-utils | p-cpe:/a:xz-utils |
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.133 Low
EPSS
Percentile
95.6%