Vulnerability reported for Python Unsupported Version Detection

Article ID: 382198

Updated On: 11-18-2024

Products

VMware vSphere ESXi

Issue/Introduction

Python Unsupported Version Detection
The remote host contains one or more unsupported versions of Python. (Nessus Plugin ID 148367)

https://www.tenable.com/plugins/nessus/148367

CVSS Score Rationale: Tenable score for unsupported software.
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: manual

Nessus scan output:

Plugin Output: 
The following Python installation is unsupported :

  Path              : 
  Port              : 5000
  Installed version : 3.6.15
  Latest version    : 3.10
  Support dates     : 2021-12-23 (end of life)

Environment

ESXi 7.x

Resolution

The Python version bundled with vSphere 7.x is 3.8; however, the Nessus tool reports the Python version as 3.6.

The security vulnerability is reported for Python version 3.6; there is no issue with version 3.8.

This is a false positive. The customer needs to work with the scan tool vendor to understand why the wrong Python version is published in the scan report.

To confirm, open an SSH session to the host and run python --version to get the correct version.
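
The comparison described above, as an added example that is not part of the original article or any vendor tooling: it parses the plugin output block quoted in this article and compares the reported version with the python --version output captured from the host. The function names and the host output string (including its patch level) are assumptions made for illustration.

```python
import re

# Constructed sample: the plugin output block quoted in this article.
PLUGIN_OUTPUT = """\
The following Python installation is unsupported :

  Path              :
  Port              : 5000
  Installed version : 3.6.15
  Latest version    : 3.10
  Support dates     : 2021-12-23 (end of life)
"""

# Constructed sample of `python --version` output captured over SSH.
# The patch level is a placeholder; the article only states 3.8.
HOST_VERSION_OUTPUT = "Python 3.8.0"


def parse_plugin_output(text):
    """Return the indented 'Key : value' fields of a plugin output block."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s+([A-Za-z ]+?)\s*:\s*(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def major_minor(version_text):
    """Extract (major, minor) from '3.6.15' or 'Python 3.8.0'."""
    m = re.search(r"(\d+)\.(\d+)", version_text)
    if not m:
        raise ValueError(f"no version found in {version_text!r}")
    return int(m.group(1)), int(m.group(2))


def triage(plugin_text, host_version_output):
    """Compare the scanner's reported version with the host's own answer."""
    fields = parse_plugin_output(plugin_text)
    reported = major_minor(fields["Installed version"])
    actual = major_minor(host_version_output)
    # "mismatch" is the case this article treats as a false positive to
    # raise with the scan tool vendor; "confirmed" means the host agrees.
    verdict = "confirmed" if reported == actual else "mismatch"
    return {"reported": reported, "actual": actual, "verdict": verdict,
            "port": fields.get("Port", ""), "path": fields.get("Path", "")}


if __name__ == "__main__":
    print(triage(PLUGIN_OUTPUT, HOST_VERSION_OUTPUT))
```

Keeping the port and path fields in the result gives the scan tool vendor the exact detection context when the mismatch is reported.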