SB2025052606 - Multiple vulnerabilities in Tenable Network Monitor
Published: May 26, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 14 secuirty vulnerabilities.
1) Covert Timing Channel (CVE-ID: CVE-2024-13176)
The vulnerability allows a remote attacker to recover a private key.
The vulnerability exists due to a timing side-channel in ECDSA signature computations. A remote attacker can recover the private key and decrypt data.
Successful exploitation of the vulnerability requires that the attacker's process must either be located in the same physical computer or must have a very fast network connection with low latency.
2) Out-of-bounds read (CVE-ID: CVE-2025-32414)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to an out-of-bounds read that occurs in the Python API (Python bindings) because of an incorrect return value. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
3) Heap-based buffer overflow (CVE-ID: CVE-2025-32415)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the xmlSchemaIDCFillNodeTables() function. A remote attacker can pass specially crafted XML data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Stack-based buffer overflow (CVE-ID: CVE-2024-8176)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when handling XML content. A remote attacker can pass specially crafted XML content to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Input validation error (CVE-ID: CVE-2024-50602)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the XML_ResumeParser function. A remote attacker can pass specially crafted XML input to the application and perform a denial of service (DoS) attack.
6) Out-of-bounds write (CVE-ID: CVE-2024-9143)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when using the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial. A remote attacker can send specially crafted input to the server, trigger an out-of-bounds write and perform a denial of service (DoS) attack.
Note, the vulnerability can be exploited against the application in rare cases only that involve "exotic" curve encoding.
7) Integer overflow (CVE-ID: CVE-2025-0725)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow when handling gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option using zlib 1.2.0.3 or older. A remote attacker can send specially crafted response to the application, trigger an integer overflow and execute arbitrary code on the target system.
8) Incorrect default permissions (CVE-ID: CVE-2025-24916)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application when installing Tenable Network Monitor to a non-default location on a Windows host. A local user with access to the system can view contents of files and directories or modify them.
9) Information disclosure (CVE-ID: CVE-2025-0167)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to application can leak credentials when asked to use a .netrc file for credentials and to follow HTTP redirects. A remote attacker can gain access to sensitive information.
10) Information disclosure (CVE-ID: CVE-2024-11053)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error when using a .netrc file for credentials and an instruction to follow HTTP redirects. The cURL library can leak credentials intended for the first URL prior to redirection. This however will only occur if the .netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.
11) Comparison using wrong factors (CVE-ID: CVE-2024-9681)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to an error in HSTS cache implementation. When curl is asked to use HSTS, the expiry time for a subdomain can overwrite a parent domain's cache entry, making it end sooner or later
than otherwise intended. This can lead to situations when the website becomes unavailable or force the client to switch to HTTP from HTTP connection earlier than intended.
12) NULL pointer dereference (CVE-ID: CVE-2024-8006)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the pcap_findalldevs_ex() function in pcap.c. A local user can perform a denial of service (DoS) attack.
13) Double free (CVE-ID: CVE-2023-7256)
The vulnerability allows a local user to crash the application.
The vulnerability exists due to a boundary error when configure for emote packet capture. A local user can trigger a double free error and crash the application.
14) Untrusted search path (CVE-ID: CVE-2025-24917)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path. A local unprivileged user can place a malicious file into the local directory and execute arbitrary code with SYSTEM privileges.
Remediation
Install update from vendor's website.