Tenable Nessus < 8.0.0 Multiple Vulnerabilities (TNS-2018-14)
Medium Nessus Plugin ID 118398
SynopsisTenable Nessus running on the remote host is affected by multiple vulnerabilities.
DescriptionAccording to its self-reported version, the Tenable Nessus application running on the remote host is prior to 8.0.0. It is, therefore, affected by multiple vulnerabilities:
- Tenable Nessus contains a flaw in the bundled third-party component OpenSSL library's key handling during a TLS handshake that causes a denial of service vulnerability due to key handling during a TLS handshake. (CVE-2018-0732)
- Tenable Nessus contains a flaw in the bundled third-party component OpenSSL library's RSA Key generation algorithm that allows a cache timing side channel attack to recover the private key. (CVE-2018-0737)
SolutionUpgrade to Tenable Nessus version 8.0.0 or later.