According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is running a version between 5.21.0 and 5.23.1 and is therefore affected by multiple vulnerabilities in OpenSSL prior to version 1.1.1t:
    
    - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to       recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an       attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability       affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. (CVE-2022-4304)

    - Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager (component:       Networking (OpenSSL)). The supported version that is affected is 12.4.0.0. Easily exploitable       vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Enterprise       Manager Ops Center. Successful attacks of this vulnerability can result in takeover of Enterprise       Manager Ops Center. (CVE-2022-1292)

    - The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the name, any header data and the       payload data. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case       PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that       has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead       to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to       achieve a denial of service attack. The OpenSSL asn1parse command line application is also impacted by this issue.       (CVE-2022-4450)

    - The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used       internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user       applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a       BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient       public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this       case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously       freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely       result in a crash. (CVE-2023-0215)

Detections

Analytics

Tenable SecurityCenter <= 5.23.1 Multiple Vulnerabilities (TNS-2023-08)

critical Nessus Plugin ID 172139

Version 1.5