Tenable Nessus Agent 6.x < 6.11 MITM Vulnerability During Linking (TNS-2017-11)

Medium Nessus Plugin ID 102274


An application installed on the remote Windows host is affected by a MITM vulnerability.


The version of Nessus Agent installed on the remote Windows host is 6.x prior to 6.11. It is, therefore, affected by a MITM vulnerability that can be exploited during the agent linking process. This is due to the fact that during an initial connection to Tenable.io or Nessus Manager when linking the agent, it does not verify the server certificate.


Upgrade to Tenable Nessus Agent version 6.11 or later.

See Also


Plugin Details

Severity: Medium

ID: 102274

File Name: tenable_nessus_agent_tns_2017_11.nasl

Version: $Revision: 1.4 $

Type: local

Agent: windows

Family: Windows

Published: 2017/08/08

Modified: 2017/08/28

Dependencies: 100574

Risk Information

Risk Factor: Medium


Base Score: 5.8

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


Base Score: 5.4

Temporal Score: 5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:tenable:nessus

Required KB Items: installed_sw/Nessus Agent

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/08/07

Vulnerability Publication Date: 2017/08/08

Reference Information

CVE: CVE-2017-11506

OSVDB: 163003