This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Matthijs Kooijman reports :
It seems that the whiptail, cdialog and kdialog backends apply some
improper escaping in their shell commands, causing special characters
present in menu item titles to be interpreted by the shell. This
includes the backtick evaluation operator, so this constitutes a
security issue, allowing execution of arbitrary commands if an
attacker has control over the text displayed in a menu.
See also :
Update the affected package.
Risk factor :