VMware
Tenable vCenter Integration: Report Active and Inactive Virtual Machines

Summary
Tenable has introduced a new option to the VMware vCenter API credential called “Report Active and Inactive Virtual Machines”, which is an optional toggle.

Change
Prior to this change, the integration would always collect information about active and inactive virtual machines, regardless of auto-discovery settings. These virtual machines would be listed in the output of the “VMware vCenter Active Virtual Machines” (84340) and “VMware vCenter Inactive Virtual Machines” (84341) plugins. The new UI field allows for this collection to be disabled. The default value of this option is “on”, which is consistent with the integration’s behavior prior to this change.

Impact
For credentials found in Tenable Vulnerability Management scan configuration, the value may be “off” for existing scans. For other configurations, the value should be “on” by default so that scan behavior is completely unchanged. Though this change does not affect vulnerability findings but instead only informational-level output, we nevertheless encourage customers to check their scan configuration and ensure that the setting is set according to their preference.

Release Date
Nov 13, 2024 for TVM and Nessus
TBD for SC

ESXi Version Information from vCenter REST API

Summary
We are proud to announce to our Tenable customers our latest integration enhancement with the ability to gather ESXi host version information from the vCenter REST API. This feature is available when using the VMware vCenter integration credential and the customer's vCenter/ESXi version is 7.0.3 or higher.

This feature was developed for customers with ESXi hosts that are managed by a vCenter, but are not routable by the Nessus scanner on their network. Customers’ vCenter/ESXi environments may be configured such that the ESXi hosts are not routable by the scanner for various reasons (e.g., do not allow incoming connections, firewall rules, etc.). We now have the capability to get ESXi version information directly from the vCenter host REST API.

Credential Configuration Considerations
Customers will not see any changes to the VMware vCenter credential. However, customers will need to enable Auto-Discovery of ESXi hosts to take advantage of this feature. When the ESXi host is automatically added to the scan using Auto-Discovery of ESXi hosts, Tenable determines if the scanner can communicate with the host. If not, Tenable will allow the host to be scanned and therefore vulnerability detections will run, at the very least based on the ESXi version information collected.

Release Date
March 25, 2024 - TVM, Nessus, and Security Center

VMware Integration IPv6 Support

Summary
To meet the growing needs of our customers, Tenable is proud to announce support for IPv6 environments in vCenter and ESXi integrations.

Change
Minor changes were made to the vCenter collection plugin (63062) and vCenter auto-discovery plugin (180179), as well as to compliance checks. The integrations now correctly resolve IPv6 addresses of ESXi servers that are managed by vCenter.

Impact
There is no impact to existing configurations. If customers encounter issues with the integrations, please open a ticket with Technical Support.

Release Date
October 21, 2024

VMware Integration Documentation Updates

Summary
Tenable has released centralized VMware Integration documentation along with helpful additions to improve customer success with the integration. Documents can now be found on our Tenable Integrations documentation website: https://docs.tenable.com/Integrations.htm.

VMware Documentation Link: https://docs.tenable.com/integrations/VMware/Content/Introduction.htm

Change
In addition to making it easier to find VMware Integration documentation, Tenable has added helpful resources for customers in the following areas:
  What the integration does and does not do
  vCenter and ESXi required permissions
  API testing through curl
  Credentialed Checks clarification
  Reviewing scan results and troubleshooting
  Plugin families and plugin behavior

Release Date
June 21, 2024 - TVM, Nessus, and Security Center

VMware vCenter PAM Support

Summary
We are proud to announce to Tenable customers the latest enhancement with the introduction of the VMware vCenter API credential featuring Privilege Access Manager (PAM) Integration support. This functionality enables customers to authenticate to the vCenter API using either manual entry credentials or by leveraging one of our PAM integrations to retrieve the vCenter API credential from the specified PAM.

The newly introduced credential serves the same purpose as our existing "VMware vCenter SOAP API" credential. However, it eliminates confusion by removing the term "SOAP" from the credential, emphasizing its compatibility with both REST and SOAP API versions. This update streamlines privileged access for customers, facilitating the use of PAM integration features. With this addition, customers can now benefit from a more comprehensive understanding of their cyber exposure through credentialed vulnerability scans.

Please note that the old credential will not be removed at this time to avoid any disruption to customer experience. Nevertheless, we strongly recommend that customers migrate to the new "VMware vCenter API" credential. This will be fully available in Nessus Manager and TVM on Wednesday May 15th, 2024. The release date for Security Center support is yet to be determined.

Supported PAM Integrations:
  Arcon
  BeyondTrust Password Safe
  CyberArk
  CyberArk (Legacy)
  Delinea Secret Server
  Hashicorp Vault
  QiAnXin
  Senhasegura
  WALLIX Bastion

Plugin Impacts
When using a PAM to authenticate to vCenter API in this new credential, please refer to our new plugin ID (186662) “vmware_vsphere_vcenter_settings.nasl” in the debug logs for any PAM related logs. For example, if using VMware vCenter API with CyberArk support, the file will display as “vmware_vsphere_vcenter_settings.nbin~CyberArk”.

Release Date
May 15th, 2024 - TVM, Nessus; TBD for Security Center.

VMWare vCenter Integrations Functionality Changes

Summary
We will be releasing changes to the functionality of the VMWare vCenter Integrations; this document will describe those changes. These changes do not affect the discovery and reporting of VMware Security Advisories.

Vulnerability Management
There will be no changes to the discovery and vulnerability assessment functionality for vCenter and ESXi. Tenable is able to collect required versions unauthenticated using vmware_vsphere_detect.nbin (57396) and vmware_vcenter_detect.nbin (63061). These checks can be found in the VMware ESX Local Security Checks plugin family and require no authentication via the integration.

vCenter Integration Informational VIBs and Host data
With authentication via the VMWare vCenter Integrations we are able to collect vCenter Installation Bundle (VIB) data; this is a full package list of all installed packages on each ESXi host managed by vCenter. Prior to the upcoming changes, the VMware vCenter integration collects data from both the REST and SOAP API endpoints. Once the changes are released, this functionality will be split into two different collection methods in separate plugins.

Plugin 63062, vmware_vcenter_collect.nbin, will be used to collect VIB and Host data from the REST API. This will work against vCenter versions 7.0.3 and later.

Plugin 180178, vmware_vcenter_collect_legacy.nbin, will be used to collect VIB and Host data from the SOAP API. This will work against vCenter versions 6.x and earlier. We will no longer support new features or patches to this plugin going forward but intend to leave it enabled for those that would like to use it against end of life targets.

The integration will supply a list of all active and inactive VMs discovered on each ESXi host in the following plugins: vmware_vcenter_active_vms.nbin, vmware_vcenter_inactive_vms.nbin, vmware_active_vms.nbin and vmware_inactive_vms.nbin.

vCenter Integration Auto Discovery
Auto Discovery of ESXi hosts and virtual machines is a feature that allows Tenable to find and add targets to the scan that were not targeted during Scan Policy creation. This saves time from having to know all the targets ahead of time when scanning vCenter servers. As part of the upcoming changes we have moved this feature into a new plugin, vmware_vcenter_auto_discovery.nbin (180179). This feature requires vCenter Integration authentication against VMWare vCenter version 7.0.3 and later with the REST API enabled. The UI has two options for selecting either ESXi hosts or virtual machines to be discovered and added to the scan.

Audit and Compliance
Nessus has the ability to scan ESXi and vCenter servers with CIS, DISA and best practice audits. These compliance checks are done with vmware_compliance_check.nbin and the functionality of these will not be impacted by the other changes made to the vCenter integration.

Impacted Plugins
Tenable Plugin Name (Plugin ID) : Supported VMware Versions
vmware_vcenter_collect.nbin (63062) : 7.0.3+, 8.0+
vmware_vcenter_collect_legacy.nbin (180178) : 6.x
vmware_vcenter_auto_discovery.nbin (180179) : 7.0.3+, 8.0+
vmware_vsphere_detect.nasl (57396) : 5.x, 6.x, 7.x, 8.x
vmware_vcenter_detect.nasl (63061) : 5.x, 6.x, 7.x, 8.x
vmware_vcenter_active_vms.nbin (84340) : 5.x, 6.x, 7.0.3+, 8.x
vmware_vcenter_inactive_vms.nbin (84341) : 5.x, 6.x, 7.0.3+, 8.x
vmware_vcenter_installed_vibs.nbin (154017) : 5.x, 6.x, 7.0.3+, 8.x
vmware_installed_vibs.nbin (57400) : 6.x
vmware_active_vms.nbin (57397) : 6.x
vmware_inactive_vms.nbin (57398) : 6.x
vmware_compliance_check.nbin (64455) : 6.x, 7.x

Documentation Updates
In addition to these changes, all documentation related to the VMware vCenter integrations will be updated accordingly to reflect these changes.

Target Release Date
Monday September 11, 2023

VMWare vCenter Integrations Change In Reporting

Summary
Tenable will be changing how authentication is reported for VMware vCenter Integrations in an upcoming release. The VMWare Security Advisories do not require authentication and will be correctly reported for the VMWare vCenter Integration.

The first change will be to remove authentication reporting from plugins 122502 and 122503 “Integration Credential Status” for plugin 63062, the VMware vCenter Data collector that uses the REST API to collect data. The integration will now report its own authentication issues.

Tenable will not be changing reporting for 180178, the VMware vCenter Legacy Data collector that uses the SOAP API to collect data. This will continue to report authentication failures due to the legacy method for vulnerability data being used from the integration’s VIB data.

These changes are to help improve the clarity and overall reporting of the authentication status for the VMWare vCenter Integrations, as failed authentication does not mean that VMWare Security Advisories will be missing and has caused misleading issues for end users of the integration.

Impacted Plugins
180178 : VMware vCenter Legacy Data Collection
63062 : VMware vCenter Data Collection
122502 : Integration Credential Status by Authentication Protocol - Valid Credentials Provided
122503 : Integration Credential Status by Authentication Protocol - Failure for Provided Credentials

Impacted Tenable.sc Dashboard Components
  Authentication Summary - Authentication Plugin Indicator
  Operations - Hosts with Vulnerability Scanning Issues

Impacted Tenable.sc Dynamic Assets
  Hosts with Successful Patch Management Authentication
  Hosts with Failed Patch Management Authentication

Impacted Tenable.io Vulnerability Management Content
122503
  widgets - Scan Troubleshooting Plugins (Explore)
  widgets - Scan Authentication Summary (Explore)
122502
  widgets - Scan Information Plugins (Explore)
63062
  widgets - Authentication Searches (Explore)
  widgets - Scan Information Plugins (Explore)
180178
  Currently not used in any content

Target Release Date
Monday September 11, 2023

VMWare 6.x End of support

Summary
In correlation with VMWare’s removal of 6.x support, Tenable’s VMWare Integrations will no longer support 6.x VCenter or VSphere versions. We will not be disabling functionality for these versions, but we no longer support bug fixes or adding new functionality. Please see Tenable Software Release Lifecycle Policy for more information around our support lifecycle.

Impacted Plugins
84340 : VMware vCenter Active Virtual Machines
63062 : VMware vCenter Data Collection
84341 : VMware vCenter Inactive Virtual Machines
63061 : VMware vCenter Detect
63060 : VMware vCenter SOAP API Settings
154017 : VMware vCenter Managed ESXi Installed VIBs
All VMWare local checks for VCenter and VSphere

VMware vRealize Network Insight Advisory (CVE-2022-31702)

Post published on behalf of Ciarán Walsh

VMware has patched two vulnerabilities found in vRealize Network Insight (vRNI), one of which was given a rating of "Critical".

The more severe of these vulnerabilities, CVE-2022-31702, is a command injection vulnerability in the vRNI REST API. The vulnerability has been given a CVSSv3 score of 9.8. When exploited, the vulnerability could allow an unauthenticated, remote attacker to execute arbitrary commands on vulnerable devices. According to VMware, exploitation of this vulnerability has not been detected and there is no publicly available proof-of-concept code as of yet. However, due to the critical rating of the vulnerability and low attack complexity, organizations should prioritize patching this flaw.

CVE-2022-31703 is a directory traversal vulnerability also in vRNI REST API that received a CVSSv3 score of 7.5. Threat actors with network access can leverage this vulnerability to read files from the server.

VMware has issued patches for both vulnerabilities, and has provided guidance on which versions need remediation.

VMWare Auto Discovery Scanning

Summary
Current Integration requires all VMWare ESXi hosts and VMs to be configured in the scan targets, which can be cumbersome. This new feature will allow the targets on your ESXi host to dynamically populate the target hosts lists, making scanning your VMs much easier.

Change
New UI setting that will allow you to enable this feature when the VMWare integration is enabled.

Impact
Any current scans will not be affected till this option is enabled. When this option is enabled it will expand the number of targets in the scan dynamically.

Plugin
No plugins are directly affected by this change; this will affect the targets scanned when enabled.

Target Release Date
July 18th for both T.IO and Nessus