Tenable Nessus 6.x < 6.8 Multiple Vulnerabilities

critical Nessus Plugin ID 92465

Synopsis

An application running on the remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the Tenable Nessus application running on the remote host is 6.x prior to 6.8. It is, therefore, affected by multiple vulnerabilities :

- A buffer overflow condition exists in the Expat XML parser due to improper validation of user-supplied input when handling malformed input documents. An authenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0718)

- A stored cross-site (XSS) scripting vulnerability exists that can be exploited by an authenticated, remote attacker that has user-level access to the Nessus user interface. (CVE-2016-1000028)

- Multiple stored cross-site (XSS) scripting vulnerabilities exist that can be exploited by an authenticated, remote attacker that has administrative-level access to the Nessus user interface. These issues would only affect other users with administrative access. (CVE-2016-1000029)

Solution

Upgrade to Tenable Nessus version 6.8 or later.

See Also

https://www.tenable.com/security/tns-2016-11

Plugin Details

Severity: Critical

ID: 92465

File Name: nessus_tns_2016_11.nasl

Version: 1.14

Type: combined

Family: CGI abuses

Published: 7/20/2016

Updated: 6/12/2024

Configuration: Enable thorough checks

Supported Sensors: Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2016-0718

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:U/RC:C

Vulnerability Information

CPE: cpe:/a:tenable:nessus, cpe:/a:libexpat:expat

Required KB Items: installed_sw/Tenable Nessus

Exploit Ease: No known exploits are available

Patch Publication Date: 7/19/2016

Vulnerability Publication Date: 5/17/2016

Reference Information

CVE: CVE-2016-0718, CVE-2016-1000028, CVE-2016-1000029

BID: 90729