CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
79.4%
Tenable Nessus Agent is prone to multiple vulnerabilities in OpenSSL.
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:tenable:nessus_agent";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.170473");
script_version("2024-02-09T14:47:30+0000");
script_tag(name:"last_modification", value:"2024-02-09 14:47:30 +0000 (Fri, 09 Feb 2024)");
script_tag(name:"creation_date", value:"2023-05-17 09:49:53 +0000 (Wed, 17 May 2023)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-02-18 21:48:00 +0000 (Sat, 18 Feb 2023)");
script_cve_id("CVE-2022-4203", "CVE-2022-4304", "CVE-2022-4450", "CVE-2023-0215",
"CVE-2023-0216", "CVE-2023-0217", "CVE-2023-0401");
script_tag(name:"qod_type", value:"registry");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Tenable Nessus Agent 10.2.1 <= 10.3.1 Multiple Vulnerabilities (TNS-2023-12)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("General");
script_dependencies("gb_tenable_nessus_agent_detect_smb.nasl");
script_mandatory_keys("tenable/nessus_agent/detected");
script_tag(name:"summary", value:"Tenable Nessus Agent is prone to multiple vulnerabilities in OpenSSL.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Nessus Agent leverages third-party software to help provide underlying
functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated
versions have been made available by the providers.
Nessus Agent 10.3.2 updates OpenSSL to version 3.0.8 to address the identified vulnerabilities.");
script_tag(name:"affected", value:"Tenable Nessus Agent version 10.2.1 through 10.3.1.");
script_tag(name:"solution", value:"Update to version 10.3.2 or later.");
script_xref(name:"URL", value:"https://www.tenable.com/security/tns-2023-12");
exit(0);
}
include("version_func.inc");
include("host_details.inc");
if (!infos = get_app_version_and_location(cpe: CPE, exit_no_version: TRUE))
exit(0);
version = infos["version"];
location = infos["location"];
if (version_in_range(version: version, test_version: "10.2.1", test_version2: "10.3.1")) {
report = report_fixed_ver(installed_version: version, fixed_version: "10.3.2", install_path: location);
security_message(port: 0, data: report);
exit(0);
}
exit(99);
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
79.4%