Multiple vulnerabilities in Tenable Nessus Agent

Published: 2021-04-09 | Updated: 2021-06-20

Risk	Medium
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2019-16168 CVE-2021-3450
CWE-ID	CWE-369 CWE-254
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software Subscribe	Nessus Agent Client/Desktop applications / Other client software
Vendor	Tenable Network Security

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Division by zero

EUVDB-ID: #VU23188

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-16168

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a division by zero error within the whereLoopAddBtreeIndex in sqlite3.c due to improper input validation in the sqlite_stat1 sz field. A remote attacker can pass specially crafted data to the application, trigger division by zero error and crash the vulnerable application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Nessus Agent: 8.0.0 - 8.2.3

External links

http://www.tenable.com/security/tns-2021-08

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Security features bypass

EUVDB-ID: #VU51732

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3450

CWE-ID: CWE-254 - Security Features

Exploit availability: No