Ephemeral Network Port Range Update for remote check plugin 155998

Summary: Plugin 155998 requires a callback to the scanner host to confirm the vulnerability status of the target. That callback happens by binding to the ephemeral network port when the plugin establishes a connection to the scan target. Previous versions of Plugin 155998 used an ephemeral port range from 1,024 up to 65,535. In some environments, inbound firewall rules on the scanner host were found to deny the callback communication leaving the plugin to report a false negative FN for the Log4Scan vulnerability. The range of ephemeral ports for callback communication was reduced to 50,000-60,000 to enable a reduced number of inbound firewall rules that have to be opened for plugin 155998 to report properly. 

Impact: In restricted network environments, Tenable customers will now be able to open a smaller known range of firewall ports inbound to scanner hosts to improve detection of Log4Shell vulnerabilities Justin remote check plugin 155998.

Changes:The ephemeral network port range for plugin 155998 was reduced from 1,024-65,535 to 50,000-60,000 to reduce the scope of inbound firewall ports to scanner hosts. 

Target Release Date:

15 DEC 2021

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.