Tenable Nessus 6.x < 6.8 Multiple Vulnerabilities

High Nessus Plugin ID 92465

Synopsis

An application running on the remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the Tenable Nessus application running on the remote host is 6.x prior to 6.8. It is, therefore, affected by multiple vulnerabilities :

- A buffer overflow condition exists in the Expat XML parser due to improper validation of user-supplied input when handling malformed input documents. An authenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0718)

- A stored cross-site (XSS) scripting vulnerability exists that can be exploited by an authenticated, remote attacker that has user-level access to the Nessus user interface. (CVE-2016-1000028)

- Multiple stored cross-site (XSS) scripting vulnerabilities exist that can be exploited by an authenticated, remote attacker that has administrative-level access to the Nessus user interface. These issues would only affect other users with administrative access. (CVE-2016-1000029)

Solution

Upgrade to Tenable Nessus version 6.8 or later.

See Also

https://www.tenable.com/security/tns-2016-11

Plugin Details

Severity: High

ID: 92465

File Name: nessus_tns_2016_11.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 2016/07/20

Updated: 2018/06/14

Dependencies: 10147

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9

Temporal Score: 7.6

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:U/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:U/RC:C

Vulnerability Information

CPE: cpe:/a:tenable:nessus, cpe:/a:libexpat:expat

Required KB Items: installed_sw/nessus

Patch Publication Date: 2016/07/19

Vulnerability Publication Date: 2016/05/17

Reference Information

CVE: CVE-2016-0718, CVE-2016-1000028, CVE-2016-1000029

BID: 90729