CVE-2017-11506

Опубликовано: 09 авг. 2017

Источник: nvd

CVSS3: 7.4

CVSS2: 5.8

EPSS Низкий

Описание

When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.

Ссылки

http://www.securitytracker.com/id/1039141
Third Party Advisory
VDB Entry
https://www.tenable.com/security/tns-2017-11
Vendor Advisory
http://www.securitytracker.com/id/1039141
Third Party Advisory
VDB Entry
https://www.tenable.com/security/tns-2017-11
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tenable:nessus:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.1.0:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.1.2:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.2.0:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.2.1:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.3.0:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.3.1:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.3.2:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.3.3:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.3.4:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.3.5:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.3.6:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.3.7:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.4.0:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.4.1:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.4.2:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.4.3:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.5.0:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.5.1:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.5.2:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.5.3:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.5.4:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.5.5:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.5.6:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.6.0:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.6.1:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.6.2:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.7.0:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.8.0:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.8.1:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.9.0:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.9.1:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.9.2:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.9.3:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.10.0:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.10.1:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.10.2:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.10.3:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.10.4:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.10.5:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.10.6:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.10.7:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.10.8:*:*:*:*:*:*:*

cpe:2.3:a:tenable:nessus:6.10.9:*:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.00104

Низкий

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

GHSA-rgmc-q3r4-jxvv