CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
AI Score
Confidence
Low
EPSS
Percentile
16.3%
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 4.0.15. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.0.15 advisory.
MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file (CVE-2024-4854)
Memory handling issue in editcap could cause denial of service via crafted capture file (CVE-2024-4853)
Use after free issue in editcap could cause denial of service via crafted capture file (CVE-2024-4855)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(197095);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/07/12");
script_cve_id("CVE-2024-4853", "CVE-2024-4854", "CVE-2024-4855");
script_xref(name:"IAVB", value:"2024-B-0061-S");
script_name(english:"Wireshark 4.0.x < 4.0.15 Multiple Vulnerabilities (macOS)");
script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote macOS / Mac OS X host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 4.0.15. It is, therefore, affected by
multiple vulnerabilities as referenced in the wireshark-4.0.15 advisory.
- MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to
3.6.22 allow denial of service via packet injection or crafted capture file (CVE-2024-4854)
- Memory handling issue in editcap could cause denial of service via crafted capture file (CVE-2024-4853)
- Use after free issue in editcap could cause denial of service via crafted capture file (CVE-2024-4855)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/docs/relnotes/wireshark-4.0.15.html");
script_set_attribute(attribute:"see_also", value:"https://gitlab.com/wireshark/wireshark/-/issues/19726");
script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2024-07");
script_set_attribute(attribute:"see_also", value:"https://gitlab.com/wireshark/wireshark/-/issues/19724");
script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2024-08");
script_set_attribute(attribute:"see_also", value:"https://gitlab.com/wireshark/wireshark/-/issues/19782");
script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2024-09");
script_set_attribute(attribute:"see_also", value:"https://gitlab.com/wireshark/wireshark/-/issues/19783");
script_set_attribute(attribute:"see_also", value:"https://gitlab.com/wireshark/wireshark/-/issues/19784");
script_set_attribute(attribute:"solution", value:
"Upgrade to Wireshark version 4.0.15 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-4855");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2024-4854");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/05/14");
script_set_attribute(attribute:"patch_publication_date", value:"2024/05/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:wireshark:wireshark");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("macosx_wireshark_installed.nbin");
script_require_keys("installed_sw/Wireshark", "Host/MacOSX/Version", "Host/local_checks_enabled");
exit(0);
}
include('vcf.inc');
var app_info = vcf::get_app_info(app:'Wireshark');
var constraints = [
{ 'min_version' : '4.0.0', 'max_version' : '4.0.14', 'fixed_version' : '4.0.15' }
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_WARNING
);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4853
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4854
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4855
gitlab.com/wireshark/wireshark/-/issues/19724
gitlab.com/wireshark/wireshark/-/issues/19726
gitlab.com/wireshark/wireshark/-/issues/19782
gitlab.com/wireshark/wireshark/-/issues/19783
gitlab.com/wireshark/wireshark/-/issues/19784
www.wireshark.org/docs/relnotes/wireshark-4.0.15.html
www.wireshark.org/security/wnpa-sec-2024-07
www.wireshark.org/security/wnpa-sec-2024-08
www.wireshark.org/security/wnpa-sec-2024-09
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
AI Score
Confidence
Low
EPSS
Percentile
16.3%