- 311/2022
- Critical
Tenable has released a security update to fix a vulnerability in Tenable.ad’s thirdparty component Erlang.
The addressed vulnerability could allow the remote attacker to perform a client authentication bypass in certain client-certification situations for SSL, TLS, and DTLS via sending a specially-crafted request. The remote attacker could exploit this vulnerability to gain access to the affected system and bypass access restrictions.
Erlang OTP security bypass (CVE-2022-37026):
• CVSS: 9.8
• Attack Vector: Network
• Attack Complexity: low
• Privileges Required: None
• User Interaction: None
• Consequences: Bypass Security
Affected Products:
• Tenable.ad 3.29.3.
• Tenable.ad 3.19.8 – 3.19.11.
• Tenable.ad 3.11.3 – 3.11.7.
Vulnerabilities
- CVE-2022-37026
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.