Detections
Analytics
Tenable Security Center Multiple Vulnerabilities (TNS-2023-25)
medium Nessus Plugin ID 179954
Language:
Synopsis
An instance of Tenable SecurityCenter installed on the remote system is affected by multiple vulnerabilities.Description
According to its self-reported version, the Tenable Security Center running on the remote host is . It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-25 advisory.- Tenable Security Center leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution, and in line with best practice, Tenable has upgraded the bundled components to address the potential impact of these issues. Tenable Security Center Patch SC-202307.1-5.23.1 updates OpenSSL to 1.1.1u to address the identified vulnerabilities.
(CVE-2023-0465, CVE-2023-0466, CVE-2023-2650)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Tenable Security Center Patch SC-202307.1-5.23.1.See Also
Plugin Details
Severity: Medium
ID: 179954
File Name: securitycenter_5_23_1_tns_2023_25.nasl
Version: 1.4
Type: combined
Agent: unix
Family: Misc.
Published: 8/18/2023
Updated: 5/10/2024
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS Score Source: CVE-2023-0466
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Temporal Score: 4.6
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:tenable:securitycenter
Exploit Ease: No known exploits are available
Patch Publication Date: 7/25/2023
Vulnerability Publication Date: 3/21/2023