Tenable Security Updates 22 February 2023

Tenable has released security updates to fix multiple vulnerabilities in Tenable.sc versions 5.22.0 to 5.23.1 and 6.0.0.

The addressed vulnerabilities could allow a remote attacker to cause a denial of service, obtain information, or gain access to the affected systems.

Sample of the addressed vulnerabilities:

1. Curl libcurl Denial of Service (CVE-2022-42915):

• CVSS: 9.8

• Attack Vector: Network

• Attack Complexity: Low

• Privileges Required: None

• User Interaction: None

• Consequences: Denial of Service

2. Curl libcurl Information Disclosure (CVE-2022-42916):

• CVSS: 7.5

• Attack Vector: Network

• Attack Complexity: Low

• Privileges Required: None

• User Interaction: None

• Consequences: Obtain Information

Vulnerabilities

• CVE-2022-42915
• CVE-2022-42916
• CVE-2022-37436

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

Tenable Security Advisory
