Tenable Nessus < 7.1.0 Multiple Vulnerabilities (TNS-2018-05)

Medium Nessus Plugin ID 110096

Synopsis

Tenable Nessus running on the remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 7.1.0. It is, therefore, affected by multiple vulnerabilities:

- Tenable Nessus contains a flaw that allows a stored cross-site scripting (XSS) attack. This flaw exists because the program does not properly sanitize input to a specially crafted .nessus file before returning it to users. This may allow an authenticated remote attacker to create a specially crafted request that executes arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2018-1147)

- Tenable Nessus contains a flaw that allows conducting a session fixation attack. This flaw exists because the application, when establishing a new session, does not invalidate an existing session identifier and assign a new one. With a specially crafted request fixating the session identifier, a context-dependent attacker can ensure a user authenticates with the known session identifier, allowing the session to be subsequently hijacked. (CVE-2018-1148)

Solution

Upgrade to Tenable Nessus version 7.1.0 or later.

See Also

https://www.tenable.com/security/tns-2018-05

Plugin Details

Severity: Medium

ID: 110096

File Name: nessus_tns_2018_05.nasl

Version: 1.4

Type: remote

Family: Misc.

Published: 2018/05/24

Updated: 2018/11/15

Dependencies: 10147

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 5.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

Vulnerability Information

CPE: cpe:/a:tenable:nessus

Required KB Items: installed_sw/nessus

Patch Publication Date: 2018/05/15

Vulnerability Publication Date: 2018/05/15

Reference Information

CVE: CVE-2018-1147, CVE-2018-1148

IAVB: 2018-B-0067