Tenable SecurityCenter 5.22.0 / 5.23.1 Multiple Vulnerabilities (TNS-2023-05)

high Nessus Plugin ID 171869

Synopsis

An application installed on the remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is running version 5.22.0 or 5.23.1 and is therefore affected by multiple vulnerabilities in curl, starting with version 7.77.0 and before 7.86.0:

- If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. (CVE-2022-42915)
- In curl the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion. (CVE-2022-42916)
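
The following triage helper is an added example, not part of the plugin or of Tenable's or curl's code. It flags transfers in an inventory that meet the preconditions described above for each CVE; the inventory format, field names and host names are hypothetical, and the version range and scheme list are taken from this description.

```python
from urllib.parse import urlsplit

# Range and scheme list are taken from the plugin description above.
AFFECTED_MIN = (7, 77, 0)   # "starting with 7.77.0"
FIXED_IN = (7, 86, 0)       # "before 7.86.0"
DOUBLE_FREE_SCHEMES = {"dict", "gopher", "gophers", "ldap", "ldaps",
                       "rtmp", "rtmps", "telnet"}

def parse_version(text):
    """Return (major, minor, patch) from '7.81.0' or a `curl --version` line."""
    for token in text.split():
        parts = token.split("-")[0].split(".")
        if len(parts) == 3 and all(p.isdigit() for p in parts):
            return tuple(int(p) for p in parts)
    raise ValueError(f"no curl version found in {text!r}")

def in_affected_range(version):
    return AFFECTED_MIN <= version < FIXED_IN

def triage(version_text, transfers):
    """Return sorted (cve, url) pairs for transfers that meet a described precondition."""
    if not in_affected_range(parse_version(version_text)):
        return []
    findings = set()
    for t in transfers:
        parts = urlsplit(t["url"])
        scheme, host = parts.scheme.lower(), parts.hostname or ""
        # CVE-2022-42915: HTTP proxy plus a non-HTTP(S) scheme from the listed set.
        if t.get("http_proxy") and scheme in DOUBLE_FREE_SCHEMES:
            findings.add(("CVE-2022-42915", t["url"]))
        # CVE-2022-42916: HSTS in use, cleartext URL, host name subject to IDN conversion.
        if t.get("hsts") and scheme == "http" and not host.isascii():
            findings.add(("CVE-2022-42916", t["url"]))
    return sorted(findings)

# Constructed sample inventory (hypothetical hosts and field names).
SAMPLE = [
    {"url": "ldap://dir.example.test/dc=example", "http_proxy": True, "hsts": False},
    {"url": "https://app.example.test/", "http_proxy": True, "hsts": True},
    {"url": "http://b\u00fccher.example.test/", "http_proxy": False, "hsts": True},
    {"url": "telnet://console.example.test", "http_proxy": False, "hsts": False},
]

if __name__ == "__main__":
    for cve, url in triage("curl 7.81.0 (x86_64-pc-linux-gnu) libcurl/7.81.0", SAMPLE):
        print(cve, url)
```

A flagged transfer only means the described precondition is present on an affected curl version; applying the vendor patch remains the fix.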

Solution

Apply the security patch referenced in the vendor advisory.

See Also

https://www.tenable.com/security/tns-2023-05

http://www.nessus.org/u?c126983d

Plugin Details

Severity: High

ID: 171869

File Name: securitycenter_6_0_0_tns_2023_05.nasl

Version: 1.6

Type: combined

Agent: unix

Family: Misc.

Published: 2/23/2023

Updated: 5/10/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2022-42916

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2022-42915

Vulnerability Information

CPE: cpe:/a:tenable:securitycenter

Exploit Ease: No known exploits are available

Patch Publication Date: 2/21/2023

Vulnerability Publication Date: 2/21/2023

Reference Information

CVE: CVE-2022-42915, CVE-2022-42916

IAVA: 2023-A-0059-S