QID 375656: Tenable Nessus Agent Multiple Vulnerabilities (TNS-2021-08)

Nessus Agents are lightweight programs installed locally on a host. Agents receive scanning instructions from a central Nessus Manager server, perform scans locally, and report vulnerability, compliance and system results back to the central server.

Two separate third-party components (OpenSSL and sqlite) were found to contain vulnerabilities, and updated versions have been made available by the providers.

Affected Versions:
  • Nessus Agent 8.2.1 through 8.2.3 (OpenSSL)
  • Nessus Agent 8.2.3 and earlier (sqlite)

NOTE: CVE-2021-3450 affects only Nessus Agent versions 8.2.1 through 8.2.3.

QID Detection Logic (Authenticated):
This QID checks the registry for vulnerable versions of Nessus Agent.

Successful exploitation of these vulnerabilities may affect confidentiality and integrity.

  • CVSS V3 rated as High - 7.4 severity.
  • CVSS V2 rated as Medium - 5.8 severity.

Solution
The vendor has issued a fix in Nessus Agent version 8.2.4. Refer to Nessus advisory TNS-2021-08 to address this issue and obtain more information.
Software Advisories
Advisory ID | Software Component | Link
TNS-2021-08 | | www.tenable.com/security/tns-2021-08