Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.VMWARE_ESXI_VMSA-2024-0006.NASLHistoryMar 07, 2024 - 12:00 a.m.
VMware ESXi 7.0 / 8.0 Multiple Vulnerabilities (VMSA-2024-0006)
2024-03-0700:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
260
vmware esxi
vulnerabilities
use-after-free
out-of-bounds write
xhci usb
uhci usb
information disclosure
CVSS3
9.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
6.8
Confidence
Low
EPSS
0
Percentile
9.0%
The version of VMware ESXi installed on the remote host is prior to 7.0 Update 3p, 8.0 prior to 8.0 Update 1d, or 8.0 prior to 8.0 Update 2b. It is, therefore, affected by multiple vulnerabilities as referenced in the VMSA-2024-0006 advisory:
-
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. (CVE-2024-22252)
-
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. (CVE-2024-22253)
-
VMware ESXi contains an out-of-bounds write vulnerability. (CVE-2024-22254)
-
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller.
(CVE-2024-22255)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(191711);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/08");
script_cve_id(
"CVE-2024-22252",
"CVE-2024-22253",
"CVE-2024-22254",
"CVE-2024-22255"
);
script_xref(name:"VMSA", value:"2024-0006");
script_xref(name:"IAVA", value:"2024-A-0120");
script_name(english:"VMware ESXi 7.0 / 8.0 Multiple Vulnerabilities (VMSA-2024-0006)");
script_set_attribute(attribute:"synopsis", value:
"The remote VMware ESXi host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of VMware ESXi installed on the remote host is prior to 7.0 Update 3p, 8.0 prior to 8.0 Update 1d, or 8.0
prior to 8.0 Update 2b. It is, therefore, affected by multiple vulnerabilities as referenced in the VMSA-2024-0006
advisory:
- VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. (CVE-2024-22252)
- VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. (CVE-2024-22253)
- VMware ESXi contains an out-of-bounds write vulnerability. (CVE-2024-22254)
- VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller.
(CVE-2024-22255)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2024-0006.html");
script_set_attribute(attribute:"solution", value:
"Upgrade to VMware ESXi 7.0 Update 3p, 8.0 Update 1d, or 8.0 Update 2b or later.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-22252");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2024-22253");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/03/05");
script_set_attribute(attribute:"patch_publication_date", value:"2024/03/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("vmware_vsphere_detect.nbin");
script_require_keys("Host/VMware/release", "Host/VMware/vsphere");
exit(0);
}
var fixes = make_array(
'7.0.0', 23307199,
'7.0.1', 23307199,
'7.0.2', 23307199,
'7.0.3', 23307199,
'8.0.0', 23299997,
'8.0.1', 23299997,
'8.0.2', 23305545
);
var fixed_display = make_array(
'7.0.0', '7.0U3 23307199',
'7.0.1', '7.0U3 23307199',
'7.0.2', '7.0U3 23307199',
'7.0.3', '7.0U3 23307199',
'8.0.0', '8.0U1 23299997',
'8.0.1', '8.0U1 23299997',
'8.0.2', '8.0U2 23305545'
);
var rel = get_kb_item_or_exit('Host/VMware/release');
if ('ESXi' >!< rel) audit(AUDIT_OS_NOT, 'ESXi');
var port = get_kb_item_or_exit('Host/VMware/vsphere');
var match = pregmatch(pattern:"^VMware ESXi?o? ([0-9]+\.[0-9]+\.[0-9]+)", string:rel);
if (isnull(match)) audit(AUDIT_UNKNOWN_BUILD, 'VMware ESXi', '7.0 / 8.0');
var ver = match[1];
if (ver !~ "^(7\.0|8\.0)") audit(AUDIT_OS_NOT, 'ESXi 7.0 / 8.0');
var fixed_build = fixes[ver];
if (empty_or_null(fixed_build)) audit(AUDIT_INST_VER_NOT_VULN, 'VMware ESXi', ver);
match = pregmatch(pattern:"^VMware ESXi?o?.*build-([0-9]+)$", string:rel);
if (isnull(match)) audit(AUDIT_UNKNOWN_BUILD, 'VMware ESXi', '7.0 / 8.0');
var build = int(match[1]);
if (build >= fixed_build) audit(AUDIT_INST_VER_NOT_VULN, 'VMware ESXi', ver + ' build ' + build);
var report = '\n ESXi version : ' + rel +
'\n Installed build : ' + build +
'\n Fixed build : ' + fixed_display[ver] +
'\n';
security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);Related
thn
thn
VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws
2024-03-06 07:20:00
VMware Patches Severe Security Flaws in Workstation and Fusion Products
2024-05-14 15:49:00
hivepro
hivepro
Critical VMware Vulnerabilities Leading To Sandbox Escape
2024-03-11 09:51:13
vmware
vmware
nessus
nessus
VMware Fusion 13.0.x < 13.5.1 Multiple Vulnerabilities (VMSA-2024-0006)
2024-03-05 00:00:00
VMware Workstation 17.0.x < 17.5.1 Multiple Vulnerabilities (VMSA-2024-0006)
2024-03-05 00:00:00
malwarebytes
malwarebytes
kaspersky
kaspersky
KLA64773 Multiple vulnerabilities in VMware Workstation
2024-03-05 00:00:00
cvelist
cvelist
CVE-2024-22253 Use-after-free vulnerability
2024-03-05 17:57:27
CVE-2024-22254 Out-of-bounds write vulnerability
2024-03-05 17:58:24
CVE-2024-22255 Information disclosure vulnerability
2024-03-05 17:58:35
cve
cve
nvd
nvd
vulnrichment
vulnrichment
CVE-2024-22254 Out-of-bounds write vulnerability
2024-03-05 17:58:24
CVE-2024-22255 Information disclosure vulnerability
2024-03-05 17:58:35
CVE-2024-22252 Use-after-free vulnerability
2024-03-05 17:57:22
prion
prion
Information disclosure
2024-03-05 18:15:00
Double free
2024-03-05 18:15:00
Design/Logic Flaw
2024-03-05 18:15:00
CVSS3
9.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
6.8
Confidence
Low
EPSS
0
Percentile
9.0%
Related for VMWARE_ESXI_VMSA-2024-0006.NASL