The safety alert issued for Tenable Security Nessus Network Monitor has acquired an replace from BSI. You can examine which functions and merchandise are affected by safety holes right here at information.de.
Federal workplace for Security in Information Technology (BSI) issued an replace on May 22, 2024 to a safety gap with a number of vulnerabilities in Tenable Security Nessus Network Monitor identified on April 29, 2024. The vulnerability impacts the Windows working system and Red Hat Enterprise Linux merchandise, the -Oracle Linux and Tenable Security Nessus Network Monitor.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability may be discovered right here: Oracle Linux Security Advisory ELSA-2024-2910 (From 23 May 2024). Some helpful hyperlinks are listed later on this article.
Multiple vulnerabilities of Tenable Security Nessus Network Monitor – Risk: medium
Risk degree: 3 (reasonable)
CVSS Base Score: 6.5
CVSS provisional rating: 5,7
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of laptop programs. The CVSS commonplace makes it doable to check potential or precise safety dangers based mostly on varied metrics as a way to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. For non permanent impact, body situations that will change over time are thought-about within the check. The severity of the vulnerability mentioned right here is assessed as “reasonable” in line with the CVSS with a base rating of 6.5.
Tenable Security Nessus Network Monitor Bug: Impact of IT Attacks
Tenable Nessus Network Monitor is a community monitoring instrument for detecting and monitoring community units and processes.
An attacker might exploit a number of vulnerabilities in Tenable Security Nessus Network Monitor to trigger a denial of service, tamper with information, or bypass safety measures.
Vulnerabilities are recognized by CVE (Common Vulnerabilities and Exposures) serial numbers. CVE-2023-28711, CVE-2024-25629, CVE-2023-46218 and CVE-2023-46219 on the market.
Systems affected by the safety hole at a look
working system
Windows
Products
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Oracle Linux (cpe:/o:oracle:linux)
Tenable Security Nessus Network Monitor
Common steps to handle IT safety gaps
- Users of the affected apps ought to keep up-to-date. When safety holes are identified, producers are required to repair them rapidly by creating a patch or workaround. When new safety updates can be found, set up them instantly.
- For info, see the sources listed within the subsequent part. This typically incorporates further details about the newest model of the software program in query and the provision of safety patches or efficiency suggestions.
- If you may have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to recurrently examine the required sources to see if a brand new safety replace is out there.
Sources for updates, patches and workarounds
Here you’ll find some hyperlinks with details about bug stories, safety fixes and workarounds.
Oracle Linux Security Advisory ELSA-2024-2910 vom 2024-05-23 (22.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2853 vom 2024-05-15 (15.05.2024)
For extra info, see:
Oracle Linux Security Advisory ELSA-2024-2779 vom 2024-05-15 (14.05.2024)
For extra info, see:
Oracle Linux Security Advisory ELSA-2024-2780 vom 2024-05-10 (12.05.2024)
For extra info, see:
Nessus Security Advisories vom 2024-04-29 (29.04.2024)
For extra info, see:
Version historical past of this safety alert
This is model 5 of this IT Security Notice for Tenable Security Nessus Network Monitor. This doc will likely be up to date as extra updates are introduced. You can examine modifications or additions on this model historical past.
April 29, 2024 – First model
May 12, 2024 – New Oracle Linux updates added
May 14, 2024 – New Oracle Linux updates added
May 15, 2024 – New updates from Red Hat have been added
May 22, 2024 – New Oracle Linux updates added
+++ Editorial be aware: This doc is predicated on present BSI information and will likely be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you’ll find sizzling information, present movies and a direct line to the editorial crew.
kns/roj/information.de