Lucene search

[email protected]CVE-2017-11506

HistoryAug 09, 2017 - 12:29 p.m.

CVE-2017-11506

2017-08-0912:29:00

CWE-295

[email protected]

web.nvd.nist.gov

cve-2017-11506

nessus

tls certificate

tenable.io

man-in-the-middle attack

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

40.5%

JSON

When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager’s TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.

Affected configurations

NVD

Node

tenablenessusMatch6.0.0

tenablenessusMatch6.0.1

tenablenessusMatch6.0.2

tenablenessusMatch6.1.0

tenablenessusMatch6.1.1

tenablenessusMatch6.1.2

tenablenessusMatch6.2.0

tenablenessusMatch6.2.1

tenablenessusMatch6.3.0

tenablenessusMatch6.3.1

tenablenessusMatch6.3.2

tenablenessusMatch6.3.3

tenablenessusMatch6.3.4

tenablenessusMatch6.3.5

tenablenessusMatch6.3.6

tenablenessusMatch6.3.7

tenablenessusMatch6.4.0

tenablenessusMatch6.4.1

tenablenessusMatch6.4.2

tenablenessusMatch6.4.3

tenablenessusMatch6.5.0

tenablenessusMatch6.5.1

tenablenessusMatch6.5.2

tenablenessusMatch6.5.3

tenablenessusMatch6.5.4

tenablenessusMatch6.5.5

tenablenessusMatch6.5.6

tenablenessusMatch6.6.0

tenablenessusMatch6.6.1

tenablenessusMatch6.6.2

tenablenessusMatch6.7.0

tenablenessusMatch6.8.0

tenablenessusMatch6.8.1

tenablenessusMatch6.9.0

tenablenessusMatch6.9.1

tenablenessusMatch6.9.2

tenablenessusMatch6.9.3

tenablenessusMatch6.10.0

tenablenessusMatch6.10.1

tenablenessusMatch6.10.2

tenablenessusMatch6.10.3

tenablenessusMatch6.10.4

tenablenessusMatch6.10.5

tenablenessusMatch6.10.6

tenablenessusMatch6.10.7

tenablenessusMatch6.10.8

tenablenessusMatch6.10.9

CPENameOperatorVersion
tenable:nessustenable nessuseq6.0.0
tenable:nessustenable nessuseq6.0.1
tenable:nessustenable nessuseq6.0.2
tenable:nessustenable nessuseq6.1.0
tenable:nessustenable nessuseq6.1.1
tenable:nessustenable nessuseq6.1.2
tenable:nessustenable nessuseq6.2.0
tenable:nessustenable nessuseq6.2.1
tenable:nessustenable nessuseq6.3.0
tenable:nessustenable nessuseq6.3.1

CPE	Name	Operator	Version
tenable:nessus	tenable nessus	eq	6.0.0
tenable:nessus	tenable nessus	eq	6.0.1
tenable:nessus	tenable nessus	eq	6.0.2
tenable:nessus	tenable nessus	eq	6.1.0
tenable:nessus	tenable nessus	eq	6.1.1
tenable:nessus	tenable nessus	eq	6.1.2
tenable:nessus	tenable nessus	eq	6.2.0
tenable:nessus	tenable nessus	eq	6.2.1
tenable:nessus	tenable nessus	eq	6.3.0
tenable:nessus	tenable nessus	eq	6.3.1

Rows per page:

1-10 of 471

CNA Affected

[
  {
    "product": "Nessus",
    "vendor": "Tenable",
    "versions": [
      {
        "status": "affected",
        "version": "6.x before 6.11"
      }
    ]
  }
]

References

www.securitytracker.com/id/1039141

www.tenable.com/security/tns-2017-11

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

40.5%

JSON

Related for CVE-2017-11506

prion1 nessus1 cvelist1 nvd1