Tenable NNM Vulnerability - 20240619001
Overview
Tenable has released an advisory relating to their Nessus Network Monitor (NNM) product. Several of the third-party components (OpenSSL, curl, chosen, datatables) were found to contain vulnerabilities, and updated versions have been made available by the providers.
Tenable has released Nessus Network Monitor 6.3.0 to address these issues.
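What is vulnerable?
Products Affected | CVE | CVSS | Severity |
---|---|---|---|
Tenable NNM version 6.2.3 and earlier | CVE-2023-5622 | 7.1 | High |
Tenable NNM version 6.2.3 and earlier | CVE-2023-5623 | 7.0 | High |
Tenable NNM version 6.2.3 and earlier | CVE-2023-5624 | 7.2 | High |
Tenable NNM version 6.2.3 and earlier | CVE-2018-25050 | 6.1 | Medium |
Tenable NNM version 6.2.3 and earlier | CVE-2021-23445 | 6.1 | Medium |
Tenable NNM version 6.2.3 and earlier | CVE-2023-0465 | 5.3 | Medium |
Tenable NNM version 6.2.3 and earlier | CVE-2023-0466 | 5.3 | Medium |
Tenable NNM version 6.2.3 and earlier | CVE-2023-1255 | 5.9 | Medium |
Tenable NNM version 6.2.3 and earlier | CVE-2023-2650 | 5.3 | Medium |
Tenable NNM version 6.2.3 and earlier | CVE-2023-3817 | 5.3 | Medium |
Tenable NNM version 6.2.3 and earlier | CVE-2023-3446 | 5.3 | Medium |
Tenable NNM version 6.2.3 and earlier | CVE-2023-38039 | 7.5 | High |
Tenable NNM version 6.2.3 and earlier | CVE-2023-4807 | 7.8 | High |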
What has been observed?
There is no evidence or reports of exploitation in the wild at the time of publishing.
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of one month... (refer to Patch Management):
- Tenable Advisory: https://www.tenable.com/security/tns-2023-34
Additional References
- Zero Day Initiative: https://www.zerodayinitiative.com/advisories/ZDI-24-801/