[R1] Nessus Agent 7.1.0 Fixes Multiple Third-party Vulnerabilities
Nessus Agent leverages third-party software to help provide underlying functionality. Some of the third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade t...
[R1] Nessus 7.1.1 Fixes Multiple Third-party Vulnerabilities
Nessus leverages third-party software to help provide underlying functionality. Some of the third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the...
[R1] Nessus Network Monitor 5.5.0 Fixes One Third-party Vulnerability
Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...
[R1] Industrial Security 1.1.0 Fixes One Third-party Vulnerability
Industrial Security leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opte...
[R1] Nessus 7.1.0 Fixes Multiple Vulnerabilities
Nessus versions 7.0.3 and earlier have been found vulnerable to two separate issues. The first vulnerability (XSS) exists due to improper input validation. An authenticated attacker could create and upload a .nessus file that may be viewed by an administrator, allowing for the execution of arbitrar...
[R1] OpenSSL Stand-alone Patch Available for SecurityCenter versions 5.0 or Later
SecurityCenter leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
[R2] SecurityCenter 5.6.2.1 Fixes One Third-party Vulnerability
SecurityCenter leverages third-party software to help provide underlying functionality. One of the third-party components (PHP) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
[R1] Tenable Appliance 4.7.0 Fixes One Vulnerability
Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline plugins...
[R2] Nessus 7.0.3 Fixes One Vulnerability
When installing Nessus to a directory outside of the default location, Nessus did not enforce secure permissions for sub-directories on Windows operating systems. This could allow for local privilege escalation if users had not secured the directories in the installation location...
[R2] SecurityCenter 5.6.1 Fixes Multiple Third-party Vulnerabilities
SecurityCenter leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
[R1] Nessus 6.11.3 Fixes Multiple Third-party Vulnerabilities
Nessus leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade t...
[R1] SecurityCenter 5.6.0.1 Fixes Multiple Third-party Vulnerabilities
SecurityCenter leverages third-party software to help provide underlying functionality. Two of the third-party components (PHP and OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...
[R1] SecurityCenter 5.6.0 Fixes One Vulnerability
SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a...
[R1] SecurityCenter 5.3.2, 5.4.0, 5.4.2, 5.4.5, 5.5.0, and 5.5.1 Fixes Multiple Vulnerabilities
Tenable has released updates for SecurityCenter 5.3.2, 5.4.0, 5.4.2, 5.4.5, 5.5.0, and 5.5.1 to bring the version of PHP included with them to 5.6.31. PHP 5.6.31 addresses multiple vulnerabilities: CVE-2017-11142: In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers...
[R1] Nessus 6.11 Fixes One Vulnerability
When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus did not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks. Please note that Tenable strongly recommends that Nessus be installed on a subnet tha...
[R3] Nessus 6.10.5 Fixes Two Vulnerabilities
Nessus was found to be vulnerable to a local privilege escalation issue and a local denial of service condition due to insecure permissions when running in Agent Mode. This may allow an attacker to gain administrative privileges on the system hosting a Nessus agent. Note that these are very simil...
[R1] LCE 5.0.1 Fixes Two Third-party Library Vulnerabilities
Log Correlation Engine (LCE) 5.0.0 is impacted by multiple vulnerabilities reported in a third-party library and an encryption algorithm. LCE was errantly using 3DES on TCP port 1243. The following vulnerabilities have been resolved with the updated libraries...
[R3] Nessus 6.10.4 Fixes One Vulnerability
Nessus was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. This may allow an attacker to gain administrative privileges on the system hosting a Nessus agent. This is tracked internally as NES-6023...
[R6] Tenable Appliance 4.5.0 Fixes Multiple Vulnerabilities
The Tenable Appliance has recently been discovered to contain several vulnerabilities. One exists in the underlying operating system kernel, two in the Appliance web interface, and multiple issues in bundled applications. Since the Appliance ships with other Tenable products, please consult the...