Lucene search

TenableCVELIST:CVE-2024-1683

HistoryFeb 23, 2024 - 12:02 a.m.

CVE-2024-1683 DLL Injection in Tenable Identity Exposure Secure Relay

2024-02-2300:02:52

CWE-78

tenable

www.cve.org

dll injection

tenable identity exposure

secure relay

vulnerability

local attacker

file modification

configuration override

service running

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L

EPSS

Percentile

9.6%

JSON

A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "platforms": [
      "Windows"
    ],
    "product": "Tenable Identity Exposure Secure Relay",
    "vendor": "Tenable",
    "versions": [
      {
        "lessThan": "3.59.4",
        "status": "affected",
        "version": "3.42.17",
        "versionType": "3.59.4"
      }
    ]
  }
]

References

www.tenable.com/security/tns-2024-03

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L

EPSS

Percentile

9.6%

JSON

Related for CVELIST:CVE-2024-1683