nessus
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
SECURITYCENTER_5_17_0_TNS_2021_06.NASL
Apr 09, 2021 - 12:00 a.m.

Tenable.sc 5.16.0 / 5.17.0 OpenSSL DoS (TNS-2021-06)

AI Score: 7 High (Confidence: High)

According to its self-reported version, the Tenable.sc application installed on the remote host is version 5.16.0 or 5.17.0 and affected by the following OpenSSL denial of service vulnerability:

  • An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
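
The affected ranges and preconditions stated above can be applied to an asset inventory. The following is an added example, not Tenable's plugin code: the helper names and the inventory rows are hypothetical, and `triage_sc` is a simplified mirror of a version-then-patch check.

```python
import re

# Values below are taken from the advisory text; helper names are hypothetical.
AFFECTED_SC_VERSIONS = {"5.16.0", "5.17.0"}
FIXING_PATCH = "SC-202104.1"
_OPENSSL_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")

def openssl_affected(version):
    """True for OpenSSL 1.1.1 through 1.1.1j (fixed in 1.1.1k)."""
    m = _OPENSSL_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    major, minor, fix, letter = m.groups()
    if (int(major), int(minor), int(fix)) != (1, 1, 1):
        return False  # e.g. 1.0.2, which the advisory lists as not impacted
    # Letter suffixes order as '' < 'a' < ... < 'z' < 'za', so compare
    # by length first, then alphabetically.
    return (len(letter), letter) < (1, "k")

def server_exposed(openssl_version, tls12=True, renegotiation=True):
    """Apply the advisory's preconditions: TLSv1.2 and renegotiation enabled."""
    return openssl_affected(openssl_version) and tls12 and renegotiation

def triage_sc(version, patches=()):
    """Simplified mirror of the plugin: version gate, then patch check."""
    if version not in AFFECTED_SC_VERSIONS:
        return "not affected"
    if FIXING_PATCH in patches:
        return "patched"
    return "needs SC-202104.1 (version-based finding, not tested)"

# Constructed inventory rows: (host, Tenable.sc version, applied patches).
INVENTORY = [
    ("sc-lab-01", "5.16.0", []),
    ("sc-lab-02", "5.17.0", ["SC-202104.1"]),
    ("sc-lab-03", "5.18.0", []),
]

def triage_inventory(rows=INVENTORY):
    return {host: triage_sc(ver, patches) for host, ver, patches in rows}

if __name__ == "__main__":
    for host, verdict in triage_inventory().items():
        print(f"{host}: {verdict}")
    print("1.1.1j, renegotiation off:", server_exposed("1.1.1j", renegotiation=False))
```

Like the plugin, this flags hosts from reported version strings only; it does not confirm that the service is reachable or that renegotiation is actually enabled.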

##
# (C) Tenable Network Security, Inc.
##

include('compat.inc');

if (description)
{
  script_id(148404);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/05");

  script_cve_id("CVE-2021-3449");
  script_xref(name:"IAVA", value:"2021-A-0149-S");
  script_xref(name:"CEA-ID", value:"CEA-2021-0025");

  script_name(english:"Tenable.sc 5.16.0 / 5.17.0 OpenSSL DoS (TNS-2021-06)");

  script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote host is affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Tenable.sc application installed on the remote host is version 5.16.0 or
5.17.0 and affected by the following OpenSSL denial of service vulnerability:

  - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a
    TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial
    ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result,
    leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation
    enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1
    versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not
    impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/tns-2021-06");
  # https://docs.tenable.com/releasenotes/Content/tenablesc/tenablesc2021041.htm
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c531f5e9");
  script_set_attribute(attribute:"solution", value:
"Install Tenable.sc Patch SC-202104.1 or update to version 5.18.0 or later.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3449");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/03/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/04/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/04/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tenable:securitycenter");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("securitycenter_installed.nbin");
  script_require_ports("installed_sw/SecurityCenter");

  exit(0);
}

include('vcf_extras.inc');

var app_info = vcf::tenable_sc::get_app_info();

# Only 5.16.0 and 5.17.0 are affected; dots are escaped so they match literally.
if (app_info.version !~ "^5\.1[67]\.0$")
  audit(AUDIT_INST_VER_NOT_VULN, app_info.app, app_info.version);

var patches = make_list('SC-202104.1');
vcf::tenable_sc::check_for_patch(app_info:app_info, patches:patches);

vcf::report_results(app_info:app_info, fix:'Tenable.sc Patch SC-202104.1', severity:SECURITY_WARNING);

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| tenable | securitycenter | | cpe:/a:tenable:securitycenter |