Detections
Analytics

Tenable Nessus < 7.1.0 Multiple Vulnerabilities (TNS-2018-05)

medium Nessus Plugin ID 110096

Language:

Synopsis

Tenable Nessus running on the remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 7.1.0. It is, therefore, affected by multiple vulnerabilities:

 - Tenable Nessus contains a flaw that allows a stored cross-site scripting (XSS) attack. This flaw exists because the program does not properly sanitize input to a specially crafted .nessus file before returning it to users. This may allow an authenticated remote attacker to create a specially crafted request that executes arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2018-1147)

 - Tenable Nessus contains a flaw that allows conducting a session fixation attack. This flaw exists because the application, when establishing a new session, does not invalidate an existing session identifier and assign a new one. With a specially crafted request fixating the session identifier, a context-dependent attacker can ensure a user authenticates with the known session identifier, allowing the session to be subsequently hijacked. (CVE-2018-1148)

Solution

Upgrade to Tenable Nessus version 7.1.0 or later.

See Also

https://www.tenable.com/security/tns-2018-05

Plugin Details

Severity: Medium

ID: 110096

File Name: nessus_tns_2018_05.nasl

Version: 1.8

Type: combined

Agent: windows, macosx, unix

Family: Misc.

Published: 5/24/2018

Updated: 2/8/2023

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS Score Source: CVE-2018-1148

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:tenable:nessus

Required KB Items: installed_sw/Tenable Nessus

Exploit Ease: No known exploits are available

Patch Publication Date: 5/15/2018

Vulnerability Publication Date: 5/15/2018

Reference Information

CVE: CVE-2018-1147, CVE-2018-1148