Tenable Nessus Agent 6.x < 6.11 MITM Vulnerability During Linking (TNS-2017-11)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote Windows host is affected by
a MITM vulnerability.

Description :

The version of Nessus Agent installed on the remote Windows host is
6.x prior to 6.11. It is, therefore, affected by a man-in-the-middle
(MITM) vulnerability that can be exploited during the agent linking
process: on its initial connection to Tenable.io or Nessus Manager
when linking, the agent does not verify the server certificate.

See also :

http://www.tenable.com/security/tns-2017-11

Solution :

Upgrade to Tenable Nessus Agent version 6.11 or later.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 102274

Bugtraq ID:

CVE ID: CVE-2017-11506
