SB2023012557 - Multiple vulnerabilities in Tenable.sc

Published: January 25, 2023

Security Bulletin ID SB2023012557
Severity
Medium
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium: 43%, Low: 57%

Description

This security bulletin contains information about 7 security vulnerabilities.


1) Double Free (CVE-ID: CVE-2022-42915)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing non-200 proxy HTTP responses for the following schemes: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, telnet. A remote attacker can trigger a double free error by forcing the application into connecting to resources that are not allowed by the configured proxy.



2) Cleartext transmission of sensitive information (CVE-ID: CVE-2022-42916)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error when parsing URLs containing IDN characters that are replaced by their ASCII counterparts as part of the IDN conversion. A remote attacker can bypass curl's HSTS check and trick it into using the unencrypted HTTP protocol.


3) Incorrect Regular Expression (CVE-ID: CVE-2022-31129)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of user-supplied input when parsing overly long strings. A remote attacker can pass a string that contains more than 10k characters and perform a regular expression denial of service (ReDoS) attack.


4) Input validation error (CVE-ID: CVE-2023-24493)

The vulnerability allows a remote user to inject and execute arbitrary formulas.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user can leverage the reporting system to export reports containing formulas, which a victim would then have to approve and execute on their host.


5) Stored cross-site scripting (CVE-ID: CVE-2023-24494)

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in a user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


6) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2023-24495)

The disclosed vulnerability allows a remote user to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input. A remote privileged user can send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive data located in the local network or to send malicious requests to other servers from the vulnerable system.


7) LDAP injection (CVE-ID: CVE-2023-0476)

The vulnerability allows a remote user to manipulate data in Active Directory.

The vulnerability exists due to improper input validation when processing LDAP queries. A remote authenticated user can generate data in Active Directory using the application account through blind LDAP injection.
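The root cause in item 7 is user input reaching an LDAP filter without escaping. The following is an added illustration, not Tenable's code: a hypothetical Active Directory user lookup built by raw concatenation next to the same lookup with RFC 4515 filter escaping, so that the supplied value can only ever match as a literal string. The attribute names and the sample input are constructed for the example.

```python
"""Hypothetical example (not Tenable.sc code): RFC 4515 escaping for LDAP filter values."""

# RFC 4515 section 3: these characters must be written as a backslash followed by
# the two-digit hex code of the byte when they appear inside an assertion value.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string so it is safe to embed as an assertion value in an LDAP filter."""
    out = []
    for ch in value:
        if ch in _LDAP_FILTER_ESCAPES:
            out.append(_LDAP_FILTER_ESCAPES[ch])
        elif ord(ch) > 0x7F:
            # Non-ASCII: escape every UTF-8 byte so the filter stays pure ASCII.
            out.append("".join(r"\%02x" % b for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)


def unsafe_user_filter(username: str) -> str:
    """Vulnerable pattern: filter metacharacters in the input change the filter's structure."""
    return "(&(objectClass=user)(sAMAccountName=" + username + "))"


def safe_user_filter(username: str) -> str:
    """Hardened pattern: the input is escaped, so it only matches as a literal value."""
    return "(&(objectClass=user)(sAMAccountName=" + escape_filter_value(username) + "))"


def clause_count(ldap_filter: str) -> int:
    """Number of filter components, i.e. opening parentheses; a fixed template must keep it constant."""
    return ldap_filter.count("(")


if __name__ == "__main__":
    # Constructed input containing filter metacharacters.
    tainted = "j.doe*)("
    print(unsafe_user_filter(tainted), clause_count(unsafe_user_filter(tainted)))  # 4 clauses
    print(safe_user_filter(tainted), clause_count(safe_user_filter(tainted)))      # 3 clauses
```

In the hardened form the clause count is independent of the input, which is the property an escaping layer (or a parameterised LDAP library call) has to guarantee.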


Remediation

Install the update from the vendor's website.