Multiple vulnerabilities in Tenable.sc
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2022-42915 CVE-2022-42916 CVE-2022-31129 CVE-2023-24493 CVE-2023-24494 CVE-2023-24495 CVE-2023-0476 |
| CWE-ID | CWE-415 CWE-319 CWE-185 CWE-20 CWE-79 CWE-918 CWE-90 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Tenable.sc Server applications / DLP, anti-spam, sniffers |
| Vendor | Tenable Network Security |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Double Free
EUVDB-ID: #VU68748
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42915
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing non-200 proxy HTTP responses for the following schemes: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, telnet. A remote attacker can trigger a double free error by forcing the application into connecting to resources that are not allowed by the configured proxy.
Mitigation
Install update from vendor's website.
Vulnerable software versionsTenable.sc: 3.0.2 - Patch 202209.1
External linkshttp://www.tenable.com/security/tns-2023-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cleartext transmission of sensitive information
EUVDB-ID: #VU68749
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42916
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error when parsing URL with IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. A remote attacker can bypass curl's HSTS check and trick it into using unencrypted HTTP protocol.
Install update from vendor's website.
Vulnerable software versionsTenable.sc: 3.0.2 - Patch 202209.1
External linkshttp://www.tenable.com/security/tns-2023-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Incorrect Regular Expression
EUVDB-ID: #VU65835
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-31129
CWE-ID:
CWE-185 - Incorrect Regular Expression
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of user-supplied input when parsing overly long strings. A remote attacker can pass a string that contains more that 10k characters and perform regular expression denial of service (ReDoS) attack.
Install update from vendor's website.
Vulnerable software versionsTenable.sc: 3.0.2 - Patch 202209.1
External linkshttp://www.tenable.com/security/tns-2023-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU71532
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24493
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote user to inject and execute arbitrary formulas.
The vulnerability exists due to insufficient validation of user-supplied input. A remote user can leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host.
MitigationInstall update from vendor's website.
Vulnerable software versionsTenable.sc: 3.0.2 - Patch 202209.1
External linkshttp://www.tenable.com/security/tns-2023-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Stored cross-site scripting
EUVDB-ID: #VU71533
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24494
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsTenable.sc: 3.0.2 - Patch 202209.1
External linkshttp://www.tenable.com/security/tns-2023-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU71534
Risk: Low
CVSSv3.1: 3.6 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24495
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input. A remote privileged user can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsTenable.sc: 3.0.2 - Patch 202209.1
External linkshttp://www.tenable.com/security/tns-2023-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) LDAP injection
EUVDB-ID: #VU71535
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0476
CWE-ID:
CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to manipulate data in Active Directory.
The vulnerability exists due to improper input validation when processing DLAP queries. A remote authenticated user can generate data in Active Directory using the application account through blind LDAP injection.
MitigationInstall update from vendor's website.
Vulnerable software versionsTenable.sc: 3.0.2 - Patch 202209.1
External linkshttp://www.tenable.com/security/tns-2023-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
