16 matches found
EUVD-2017-3123
Malware in sbrugna...
CVE-2023-2005
Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center. This issue affects Tenable.Io: before Plugin Feed ID 202306261202; Nessus: before Plugin Feed ID 202306261202; Security Center: before Plugin Feed ID 202306261202. This vulnerability could allow a malicious actor with...
Code injection
Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center. This issue affects Tenable.Io: before Plugin Feed ID 202306261202; Nessus: before Plugin Feed ID 202306261202; Security Center: before Plugin Feed ID 202306261202. This vulnerability could allow a malicious actor with...
CVE-2023-2005
This CVE affects Tenable.Io, Nessus, and Tenable Security Center prior to Plugin Feed ID #202306261202. The issue enables a user with scan-target permissions to place a binary in a specific filesystem location to escalate privileges via the impacted plugin. Remediation per PT-2023-17405 recommend...
CVE-2023-2005 Tenable Plugin Feed ID #202306261202 Fixes Privilege Escalation Vulnerability
Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center. This issue affects Tenable.Io: before Plugin Feed ID 202306261202; Nessus: before Plugin Feed ID 202306261202; Security Center: before Plugin Feed ID 202306261202. This vulnerability could allow a malicious actor with...
Apache Log4j Message Lookup Substitution RCE (Log4Shell) (Direct Check)
Binary data apachelog4jjdnildapgeneric.nbin...
VulnWhisperer - Create Actionable Data From Your Vulnerability Scans
Create actionable data from your vulnerability scans. VulnWhisperer is a vulnerability management tool and report aggregator. VulnWhisperer will pull all the reports from the different vulnerability scanners and create a file with a unique filename for each one, using that data later to sync with...
First look at Tenable.io Web Application Scanner (WAS)
When Tenable first announced the Web Application Security scanner as a part of their new Tenable.io platform, it was quite intriguing. Certainly, they already had some WAS functionality before in Nessus. For example, the path traversal check was pretty good. But this functionality was quite fragmental...
Tenable University: Nessus Certificate of Proficiency
Yesterday I finished the "Nessus Certificate of Proficiency" learning plan at Tenable University and passed the final test. Here I would like to share my impressions. First of all, a few words about my motivation. I use Nessus literally every day at work. So, it was fun to check my knowledge. I already...
Nessus Manager disappeared and Tenable.io On-Prem was announced
If you open the Tenable Products page right now, you will not see Nessus Manager there anymore. The Nessus Manager page "The Power of Nessus for Teams" was also deleted. However, it is still mentioned in the product comparison. Agent-Based Scanning in SecurityCenter and SecurityCenter Continuous View "...
Vulnerability Management for Network Perimeter
The network perimeter is like a door to your organization. It is accessible to everyone, and vulnerability exploitation does not require any human interaction, unlike, for example, phishing attacks. A potential attacker can automate most of his actions searching for an easy target. It's important not t...
Study Vulnerability Assessment in Tenable University for free
Not so long ago, Tenable presented a renewed online training platform - Tenable University. It is publicly available even for non-customers, for example, for Nessus Home users. However, not all courses are available in this case. I decided to check it out, registering as a non-customer. Logged in...
Design/Logic Flaw
When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks...
CVE-2017-11506
Affected software and scenario: Nessus Agent and Nessus Scanner prior to version 6.11 (6.x) when linking to Tenable.io or other manager. Root cause: during the initial outgoing connection, the manager’s TLS certificate is not verified, creating a potential MITM condition. Impact: could allow an a...
[R1] Nessus 6.11 Fixes One Vulnerability
When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus did not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks. Please note that Tenable strongly recommends that Nessus be installed on a subnet tha...
Do not scan localhost on the Tenable Appliance or Tenable.io
Binary data dontscanlocalhost.nbin...