- 281/2023
- High
Tenable has released security updates to fix multiple vulnerabilities in several third-party components (curl, OpenSSL, zlib) affecting multiple tenable products.
The addressed vulnerabilities could allow the attacker to execute arbitrary code, conduct denial of service attacks, bypass security restrictions, or gain elevated privileges to the affected system by loading a specially crafted file during installation or upgrade.
Sample of the addressed vulnerabilities:
Tenable Nessus Agent Privilege Escalation Vulnerability (CVE-2023-5847):
- CVSS: 7.3
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Consequences: Gain Privileges
Affected products:
- Nessus 10.5.5 and earlier.
- Nessus 10.6.1 and earlier.
- Nessus Agent 10.4.2.
- Security Center 5.23.1, 6.0.0, 6.1.0, 6.1.1, and 6.2.0.
Vulnerabilities
- CVE-2023-5847
- CVE-2023-38545
- CVE-2023-38546
- CVE-2023-45853
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.