Multiple vulnerabilities in Tenable.sc



Published: 2021-07-22
Risk High
Patch available YES
Number of vulnerabilities 47
CVE ID CVE-2019-19919
CVE-2019-19645
CVE-2020-7067
CVE-2020-7068
CVE-2020-7069
CVE-2020-7070
CVE-2020-7071
CVE-2021-21702
CVE-2021-21704
CVE-2021-21705
CVE-2019-16168
CVE-2019-19646
CVE-2020-7065
CVE-2020-11655
CVE-2020-11656
CVE-2020-13434
CVE-2020-13435
CVE-2020-13630
CVE-2020-13631
CVE-2020-13632
CVE-2020-15358
CVE-2020-11022
CVE-2020-7066
CVE-2020-7064
CVE-2021-23358
CVE-2019-11043
CVE-2017-5661
CVE-2019-8331
CVE-2018-20676
CVE-2018-20677
CVE-2018-14040
CVE-2018-14042
CVE-2016-10735
CVE-2019-11041
CVE-2019-11042
CVE-2019-11044
CVE-2020-7063
CVE-2019-11045
CVE-2019-11046
CVE-2019-11047
CVE-2019-11048
CVE-2019-11049
CVE-2019-11050
CVE-2020-7059
CVE-2020-7060
CVE-2020-7061
CVE-2020-7062
CWE ID CWE-94
CWE-835
CWE-125
CWE-416
CWE-310
CWE-20
CWE-476
CWE-121
CWE-918
CWE-369
CWE-190
CWE-264
CWE-787
CWE-79
CWE-119
CWE-611
CWE-276
CWE-400
CWE-415
CWE-122
Exploitation vector Network
Public exploit Public exploit code for vulnerability #7 is available.
Public exploit code for vulnerability #11 is available.
Public exploit code for vulnerability #22 is available.
Public exploit code for vulnerability #26 is available.
Public exploit code for vulnerability #31 is available.
Public exploit code for vulnerability #32 is available.
Public exploit code for vulnerability #33 is available.
Vulnerable software
Subscribe
Tenable.sc
Server applications / DLP, anti-spam, sniffers

Vendor Tenable Network Security

Security Advisory

1) Prototype pollution

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-19919

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Infinite loop

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-19645

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in alter.c that can be triggered via certain types of self-referential views in conjunction with ALTER TABLE statements. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-7067

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing untrusted input passed to urldecode() PHP function. A remote attacker can send specially crafted data to the application that uses the affected function and gain access to sensitive information on the system

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-7068

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the "phar_parse_zipfile" function. A remote attacker can can cause a denial of service (DoS) condition on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Cryptographic issues

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-7069

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the openssl_encrypt() function generates a wrong ciphertext and a wrong tag for AES-CCM for a 12 bytes IV. As a result, a 7-byte nonce is used instead of 12 bytes. A remote attacker can abuse such behavior and decrypt data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-7070

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists in the way PHP parser handles cookies with percent character (e.g. '%'). A remote attacker can send a crafted HTTP request with a `__%48ost-` or `__%53ecure-` cookie that will be processed before other cookies sent in the same request. As a result, an attacker can set malicious `__Host-` cookie on a subdomain and bypass origin restrictions, imposed by browsers.

Successful exploitation of the vulnerability may allow an attacker to perform a spoofing attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-7071

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of URL performed via the "FILTER_VALIDATE_URL" setting. A remote attacker can use the "@" characters in the URL to bypass implemented filter and force the application to accept arbitrary URL instead of the defined by the option.

Example:

http://evel.website@trusted.website

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

8) NULL pointer dereference

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2021-21702

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the SoapClient in PHP. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Stack-based buffer overflow

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2021-21704

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

Multiple boundary errors exists within firebird_info_cb(), firebird_handle_doer(), firebird_stmt_execute(), and firebird_fetch_blob() function. A remote attacker can pass specially crafted input to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Server-Side Request Forgery (SSRF)

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2021-21705

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted HTTP request, bypass the FILTER_VALIDATE_URL and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Division by zero

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-16168

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a division by zero error within the whereLoopAddBtreeIndex in sqlite3.c due to improper input validation in the sqlite_stat1 sz field. A remote attacker can pass specially crafted data to the application, trigger division by zero error and crash the vulnerable application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

12) Input validation error

Risk: Medium

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19646

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of NOT NULL in an integrity_check PRAGMA command in pragma.c when generating certain columns. A remote attacker can perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Stack-based buffer overflow

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-7065

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within php_unicode_tolower_full() function, as demonstrated by the mb_strtolower() call. A remote attacker can pass specially crafted data to the application that uses affected function, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Input validation error

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-11655

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when the AggInfo object's initialization is mishandled. A remote attacker can pass specially crafted input via a malformed window-function query to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-11656

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the ALTER TABLE implementation. A remote attacker can execute arbitrary code on the target system, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Integer overflow

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-13434

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow within the sqlite3_str_vappendf() function in printf.c. A remote attacker can pass specially crafted data to the application, trigger integer overflow and crash the application.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Input validation error

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-13435

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in sqlite3ExprCodeTarget() function in expr.c. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-13630

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the fts3EvalNextRow() function in ext/fts3/fts3.c. A remote attacker can pass specially crafted data to application, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Permissions, Privileges, and Access Controls

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13631

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to bypass certain security restrictions.

The vulnerability exists due an error in alter.c and build.c files in SQLite that allows a local user to rename a virtual table into a shadow table. A local user with permissions to create virtual tables can renamed them and gain unauthorized access to the fronted application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) NULL pointer dereference

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-13632

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in ext/fts3/fts3_snippet.c in SQLite. A local user can trigger denial of service conditions via a crafted matchinfo() query.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds write

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-15358

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Cross-site scripting

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-11022

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: Yes

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the regex operation in "jQuery.htmlPrefilter". A remote attacker can pass specially crafted data to the application that uses .html(), .append() or similar methods for it and execute arbitrary JavaScript code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

23) Input validation error

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-7066

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to get_headers() PHP function silently truncates headers after receiving a NULL byte character. A remote attacker can abuse this behavior to bypass implemented security restrictions with in the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Out-of-bounds read

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-7064

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within exif_read_data() PHP function. A remote attacker can pass specially crafted data to the application that uses the vulnerable function, trigger one byte out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Code Injection

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2021-23358

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Buffer overflow

Risk: High

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-11043

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in env_path_info in PHP-FPM when processing untrusted input passed via URL. A remote attacker can send a specially crafted HTTP request to the affected server, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires that php-fpm is used with nginx and certain nginx configuration was applied:

  1. The nginx location directive forwards requests to PHP-FPM
  2. The fastcgi_split_path_info directive is present and includes a regular expression beginning with a ‘^’ symbol and ending with a ‘$’ symbol
  3. The fastcgi_param directive is used to assign the PATH_INFO variable
  4. There are no checks in place to determine whether or not a file exists (e.g., using try_files or an if statemen

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

27) Improper Restriction of XML External Entity Reference

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2017-5661

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform an XXE attack.

The vulnerability exists due to insufficient validation of user-supplied data when processing SVG files. A remote attacker can create a specially crafted SVG file, trick the victim into opening it with affected application and gain access to potentially sensitive information.

Successful exploitation of the vulnerability may lead to system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Cross-site scripting

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-8331

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Cross-site scripting

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-20676

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists in the tooltip data-viewport attribute due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Cross-site scripting

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-20677

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists in the affix configuration target property due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Cross-site scripting

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-14040

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists in the data-parent attribute of the collapse plugin due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

32) Cross-site scripting

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-14042

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists in the data-container property of the tooltip plugin due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

33) Cross-site scripting

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2016-10735

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via the "data-target" attribute. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

34) Out-of-bounds read

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11041

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the exif_read_data() function. A remote attacker can create a specially crafted image file, pass it to the application, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Out-of-bounds read

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11042

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the exif_read_data() function in PHP EXIF extention. A remote attacker can create a specially crafted image file, pass it to the application, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Input validation error

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-11044

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Incorrect default permissions

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-7063

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to incorrect default permissions for files and folders that are set during the Phar::buildFromIterator() call when adding files into tar archive. A local user can extract files from tar archive and gain access to otherwise restricted information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Input validation error

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-11045

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Out-of-bounds read

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-11046

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Out-of-bounds read

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-11047

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Resource exhaustion

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-11048

CWE-ID: CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the way PHP handles long filenames or field names during file upload. A remote attacker can supply an overly long filename to the application that will lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This will lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Double Free

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-11049

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within mail() function implementation. A remote attacker can pass specially crafted header in lowercase, trigger double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Use-after-free

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-11050

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Out-of-bounds read

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-7059

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when using the "fgetss()" function to read data with stripping tags. A remote attacker can supply data that will cause this function to read past the allocated buffer, trigger out-of-bounds read error and read contents of memory on the system or crash the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Out-of-bounds read

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-7060

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when using certain "mbstring" functions to convert multibyte encodings. A remote attacker can supply data that will cause function "mbfl_filt_conv_big5_wchar" to read past the allocated buffer, trigger out-of-bounds read error and read contents of memory on the system or crash the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Heap-based buffer overflow

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-7061

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the phar_extract_file() function. A remote attacker can pass specially crafted file to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) NULL pointer dereference

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-7062

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in session.c when handling file uploads. A remote attacker can send a specially crafted HTTP POST request to the affected application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0

CPE External links

https://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###