CVE-2017-11506Improper Certificate Validation in Nessus

CWE-295Improper Certificate Validation3 documents3 sources
Severity
7.4HIGHNVD
EPSS
0.1%
top 71.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenable Nessus
Timeline
PublishedAug 9
Latest updateMay 17

Description

When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages2 packages

CVEListV5tenable/nessus6.x before 6.11
NVDtenable/nessus47 versions+46

🔴Vulnerability Details

2
GHSA
GHSA-rgmc-q3r4-jxvv: When linking a Nessus scanner or agent to Tenable2022-05-17
CVEList
CVE-2017-11506: When linking a Nessus scanner or agent to Tenable2017-08-09
CVE-2017-11506 — Improper Certificate Validation | cvebase