CVE
20 Topics

FAQ About IngressNightmare Vulnerabilities (CVE-2025-1974 and more)

On March 24, the Kubernetes team published a blog post and patches to address a series of vulnerabilities in the Ingress NGINX Controller for Kubernetes: CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513 and CVE-2025-24514. Collectively, these flaws are being referred to as IngressNightmare. Of the five vulnerabilities, CVE-2025-1974 is considered the most severe, as it was assigned a CVSSv3 score of 9.8 and is the only critical flaw. However, the five flaws combined create a toxic combination (exploit chain) that could allow an attacker to access cluster secrets, which could lead to a cluster takeover. For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our FAQ blog.

Coverage Released for XZ Utils Supply Chain Attack (CVE-2024-3094)

Summary
Tenable has developed and released asset detection, vulnerability detection and Indicator of Compromise (IoC) plugins in response to the backdoor in XZ Utils, a widely used compression library found in multiple Linux distributions. The vulnerability is tracked as CVE-2024-3094 and CISA has issued an alert recommending that developers and users downgrade XZ Utils to an uncompromised version, such as XZ Utils 5.4.6 Stable.

Impact
Tenable has developed an asset detection plugin (192709) that can be used by our customers to identify and enumerate instances of XZ Utils, vulnerable or not, anywhere in their environment. We have also released a version check plugin, “XZ Utils 5.6.0 / 5.6.1 Liblzma Backdoor Check” (192737), that leverages the initial detection plugin and identifies XZ Utils versions 5.6.0 and 5.6.1 which are known to be potentially vulnerable. Note that this plugin is paranoid because not all instances of the affected versions of XZ Utils are known to be vulnerable to the backdoor. Please refer to the details in the plugin description, the included plugin links, and our Tenable Research FAQ for more information about this evolving vulnerability.

Finally, Tenable has provided an IoC Plugin, “Potential exposure to XZ Utils SSH Backdoor (CVE-2024-3094)” (192708), which leverages the publicly known indicator of compromise (IoC), coded in NASL, to facilitate scanning at scale with Tenable Products. These three plugins can be used together to provide a comprehensive account of the XZ Utils installed footprint in customer environments and actionable advisement on where to target remediation efforts.

Plugins
192709 - Tukaani XZ Utils Installed (Linux / Unix)
192737 - XZ Utils 5.6.0 / 5.6.1 Liblzma Backdoor Check
192708 - Potential exposure to XZ Utils SSH Backdoor (CVE-2024-3094)

Target Release Date
Immediate

Public CVE Portal Data Source Update

Target Release Date
August 31, 2023

Change
Tenable’s public CVE lookup page, Tenable.com/cve, is changing the underlying content delivery source in an effort to enable sharing CVE information prior to NVD publication. Where available, CVE pages will now also contain links to published Tenable vulnerability guidance. CVEs may no longer contain references to CWEs. In the CPEs tab, CPE values will no longer be listed under their respective vulnerable configuration. An example of the changes is available at https://www.tenable.com/cve/CVE-2023-2868.

Impact
When looking up CVEs on the public Tenable.com/cve portal, users may notice a change in the user experience. Some data features on CVE pages may be altered as outlined in the paragraph above.

Additional Notes
Tenable will continue providing updates to the public CVE portal on a best-effort basis.

Tenable OT Security Plugin Names and Solutions

TARGET RELEASE DATE
Immediate

APPLIES TO
Tenable OT Security

CHANGE
Tenable Research has released new names and solutions for a subset of Tenable OT Security plugins to bring more detailed plugin names and comprehensive remediation information. These updates are reflected in the Tenable OT Security product and on the Tenable Plugins site. Depending on the Tenable OT Security version, a manual feed update could be required if “Cloud Updates” is not enabled.

IMPACT
For each applicable Tenable OT Security plugin, the name provides the vendor name, the device model and the vulnerability class, and includes the CVE ID. The solution section is now detailed, and a link to the CISA ICS advisory is provided when available.

ADDITIONAL RESOURCES
Tenable OT Security - Tenable Nessus Plugin Set Updates

Tenable.sc 6.0

We are excited to announce the general availability of Tenable.sc 6.0! This release includes the following top enhancements:

Global CVE Search - A new search bar that will provide a quick way to look up vulnerabilities and pull back all Tenable known information about those vulnerabilities.
New look and feel - Improved typography, navigation and login screen.
Universal Repository - A new Universal Repository type which will allow IPv4, IPv6, and Agent data to all live in the same repository.
Updates through the feed - Download and install Tenable.sc updates from directly inside the console, with an option to have these patches automatically installed as they get released.
Health Dashboard - A dashboard giving insight into key metrics for a better understanding of your Tenable.sc infrastructure.
Password Expiration - Set expiration dates for user accounts.
New Filters - Including current year, previous year, and netbios name, for customers to get visibility into what’s in their environment.
Scan Policy Plugin Management - Plugin Families in Tenable.sc will now be able to have new plugins added to them and enabled, even if some plugins in the family are already disabled.

To get started, download Tenable.sc 6.0 and view the release notes!

Plugin Pipeline

Background
As new vulnerabilities are discovered and released into the general public domain, Tenable Research promptly publishes plugins containing vulnerability information, recommended remediation actions, and the necessary algorithms to test for the presence of the security issue. Tenable Research has published over 175,000 plugins, covering 70,000+ CVE IDs and 30,000+ Bugtraq IDs.

Summary
At Tenable, we hold ourselves to the highest standard in delivering the best possible coverage to our customers and use a number of continuously improving processes to prioritize vulnerabilities. In an effort to increase transparency into the content development process, we are excited to announce the release of the Plugin Pipeline, found at www.tenable.com/plugins/pipeline. This new feature enables our customers to browse new plugins that the Tenable Research team prioritizes by CVE, detection status, or keyword search. Additionally, any new plugin coverage marked for pre-release communication will be shown under the Plugins tab for a given CVE on Tenable's CVE portal.

Disclaimer: The Plugin Pipeline page does not represent an exhaustive list of plugins for which Tenable Research intends to provide coverage. The decision to surface pre-release information is granted on a per-instance basis by Tenable subject matter experts; in some cases, that includes vetted automation processes. Similarly, this page does not include information for all currently available plugins. For a full list, visit the Plugin Search portal.

Detection status
Plugins on the Plugin Pipeline page are categorized into one of the following detection statuses:
In development: Tenable Research team is actively developing a coverage solution.
Pending release: The plugin is in the production build & release pipeline; development and review are complete.
Recently published: The plugin has been published on the displayed date.

Release Date
December 14th, 2022

VMware vRealize Network Insight Advisory (CVE-2022-31702)

Post published on behalf of Ciarán Walsh

VMware has patched two vulnerabilities found in vRealize Network Insight (vRNI), one of which was given a rating of "Critical". The more severe of these vulnerabilities, CVE-2022-31702, is a command injection vulnerability in the vRNI REST API. The vulnerability has been given a CVSSv3 score of 9.8. When exploited, the vulnerability could allow an unauthenticated, remote attacker to execute arbitrary commands on vulnerable devices. According to VMware, exploitation of this vulnerability has not been detected and there is no publicly available proof-of-concept code as of yet. However, due to the critical rating of the vulnerability and low attack complexity, organizations should prioritize patching this flaw.

CVE-2022-31703 is a directory traversal vulnerability, also in the vRNI REST API, that received a CVSSv3 score of 7.5. Threat actors with network access can leverage this vulnerability to read files from the server. VMware has issued patches for both vulnerabilities, and has provided guidance on which versions need remediation.

Microsoft’s November 2022 Patch Tuesday Addresses 62 CVEs (CVE-2022-41073)

Microsoft patched 62 CVEs in the November 2022 Patch Tuesday update, including nine rated as critical, and 53 rated as important. Four of the vulnerabilities patched this month have been observed exploited in the wild as zero days. Microsoft also released patches for the two zero-day vulnerabilities in Microsoft Exchange Server (CVE-2022-41040 and CVE-2022-41082) disclosed at the end of September.

CVE-2022-41049 is a security feature bypass vulnerability affecting Windows Mark of the Web that has been exploited in the wild and for which exploit code is publicly available. Microsoft also patched CVE-2022-41073, an elevation of privilege vulnerability affecting the Windows Print Spooler service. The vulnerability carries a CVSSv3 score of 7.8 and discovery was credited to Microsoft Threat Intelligence Center.

For more information about this month's Patch Tuesday release, including Tenable product coverage, please visit our blog.

Tenable Log4Shell Scan Templates

Overview
Tenable has developed the following Nessus, Tenable.sc and Tenable.io, WAS and Agent Scan Templates to streamline our customers’ Log4j vulnerability management efforts. Each of these scan templates packages the recommended scan configurations and plugins to conduct common or repeated Log4j vulnerability scanning activities.

Log4Shell Remote Checks
This Nessus, Tenable.sc and Tenable.io template provides an external view by assessing your systems from an outside attacker’s perspective. No credentials are required and detection is based on direct remote checks to detect exposure. Review https://community.tenable.com/s/feed/0D53a00008E3hKzCAJ for requirements about plugins 156014 and 155998 that are included in this template.

Log4Shell Vulnerability Ecosystem
Use this Nessus, Tenable.sc and Tenable.io template to begin your assessment with the most comprehensive set of plugins. It includes:
All plugins for CVE-2021-44228, including the generic local and remote detections
Plugin for CVE-2021-45046
Plugin for EOL detection for Log4J v1.x
Plugins for software from third party vendors that have patched CVE-2021-44228 in their products

This template is dynamic, and will be regularly updated with new plugins developed as third party vendors patch their software. A new plugin, 156061 - Log4Shell Ecosystem Wrapper, was developed to dynamically include plugins related to the Log4j vulnerabilities into this scan template. It is a wrapper plugin that will be used to keep the template dynamically updated. Details of the plugins that are included in this scan template can be found here - https://www.tenable.com/plugins/nessus/156061

Additionally, this dynamic template is released with the “Hide results from plugins initiated as a dependency” setting disabled, ensuring that all dependent plugins that do not normally report show up in the template scan results. Re-scanning at regular intervals is recommended and credentials are required for local plugins. Review https://community.tenable.com/s/feed/0D53a00008E3hKzCAJ for requirements about plugins included in this template.

Log4Shell
This Nessus, Tenable.sc and Tenable.io scan template includes generic plugins for detection of CVE-2021-44228 that are based on whether the Log4J library is being used. Credentials are required for local detection. Review https://community.tenable.com/s/feed/0D53a00008E3hKzCAJ for requirements about plugins included in this template.

WAS Log4Shell
This Tenable WAS scan template includes generic detection of CVE-2021-44228 via direct check and file detection WAS plugins.

Agent Log4Shell
This Nessus Agent scan template includes 4 local plugins for CVE-2021-44228 detection on Nessus Agent systems.

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.

CVE-2021-44228/CVE-2021-45046 Windows and Linux Mitigation Audits

Summary:
In some environments, customers who can’t patch their systems to protect against the Log4j vulnerabilities need a way to evaluate if their systems are using the proper vendor-provided workaround mitigation measures for CVE-2021-44228 and CVE-2021-45046. In both of these CVE advisories, the vendor recommends upgrading to a non-vulnerable version, or if users are not able to upgrade they “may remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class” as a workaround.

Tenable has developed audits that can evaluate Windows and Linux systems to detect if the workaround mitigation has been applied correctly. Please note, this audit does not assess the current Log4j version level, which is the primary vendor-recommended mitigation. Since the workaround mitigations for CVE-2021-44228 and CVE-2021-45046 are the same, we are providing a single audit file for each OS type.

These Tenable Audits complement the currently available Vulnerability Detection and Remote Direct Check Plugins to provide the best breadth and depth of coverage for assessing our customers’ security posture on this emerging threat.

Impact:
Customers can now detect if Log4j workaround mitigations have been correctly applied on their systems by using the CVE-2021-44228 / CVE-2021-45046 audits. These audits detect and report if the JndiLookup vulnerable classpath resides on Windows and Linux environments, which is an indication that the workaround mitigation was not properly implemented.

Audits:
The following audits can be found here:
cve-2021-44228_cve-2021-45046-windows.audit
cve-2021-44228_cve-2021-45046-linux.audit

Target Release Date:
Immediate