Cybersecurity specialists report the discovery of at least 47 flaws in Tenable.sc, a vulnerability management platform developed by Tenable Network Security. According to the report, the successful exploitation of these vulnerabilities would allow the deployment of multiple attack variants.  

Below are brief descriptions of the reported flaws, in addition to their respective identification keys and scores assigned according to the Common Vulnerability Scoring System (CVSS).

CVE-2019-19919: Improper sanitization of user input allows an object's __proto__ and __defineGetter__ properties to be altered, letting threat actors execute code through crafted payloads.

The flaw received a CVSS score of 4.1/10 and successful exploitation would allow malicious hackers to deploy cross-site scripting (XSS) attacks.

CVE-2019-19645: An infinite loop in alter.c would allow remote threat actors to consume all available system resources and cause denial of service (DoS) conditions.

This vulnerability received a CVSS score of 5.7/10.

CVE-2020-7067: A boundary condition when processing untrusted input passed to the PHP urldecode() function allows remote attackers to send specially crafted data to an application that uses the affected function.

The flaw received a CVSS score of 6.5/10 and its exploitation would allow access to confidential information.

CVE-2020-7068: A use-after-free bug in the “phar_parse_zipfile” function would allow remote attackers to trigger a DoS condition on the affected system.

The vulnerability received a score of 6.5/10 and its successful exploitation would allow attackers to completely compromise the vulnerable system.

CVE-2020-7069: The openssl_encrypt() function generates incorrect ciphertext and an incorrect authentication tag for AES-CCM when a 12-byte IV is supplied: a 7-byte nonce is used instead of the 12 bytes, so remote threat actors could abuse that behavior and decrypt data.

The flaw received a CVSS score of 4.6/10.

CVE-2020-7070: This flaw lies in the way the PHP parser handles cookies containing the '%' character. Threat actors could send an HTTP request with a cookie named '__%48ost-' or '__%53ecure-' that is processed before the other cookies sent in the same request, allowing a malicious '__Host-' cookie to be set from a subdomain and security mechanisms to be evaded.

The flaw received a score of 5.7/10 and would allow threat actors to perform a phishing attack.

CVE-2020-7071: Insufficient URL validation performed by the "FILTER_VALIDATE_URL" filter would allow remote threat actors to use the "@" character in a URL to evade security filters in the affected application and have an arbitrary URL accepted.

The vulnerability received a CVSS score of 4.8/10.

CVE-2021-21702: A NULL pointer dereference bug within SoapClient in PHP would allow remote hackers to pass specially crafted data to the application and perform a DoS attack.

This flaw received a CVSS score of 6.5/10.

CVE-2021-21704: Multiple boundary errors within the firebird_info_cb(), firebird_handle_doer(), firebird_stmt_execute(), and firebird_fetch_blob() functions would allow remote threat actors to pass a specially crafted input to the application and trigger a buffer overflow.

This flaw received a CVSS score of 7.1/10 and its successful exploitation would allow arbitrary commands to be executed.

CVE-2021-21705: Insufficient validation of user-provided input would allow remote hackers to send a specially crafted HTTP request that evades FILTER_VALIDATE_URL, tricking the affected application into initiating requests to potentially malicious systems.

The vulnerability received a score of 6.3/10 and its successful exploitation would allow the deployment of server-side request forgery (SSRF) attacks.
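Both FILTER_VALIDATE_URL issues above (CVE-2020-7071 and CVE-2021-21705) come down to a validator treating the text before an "@" as the host while the HTTP client connects to what follows it. The following check is an added example, not Tenable's or PHP's code, written in Python rather than PHP; the hostnames and the allowlist are constructed placeholders. It contrasts a substring-style filter with one that parses the authority and rejects any userinfo component outright.

```python
from typing import Tuple
from urllib.parse import urlsplit

# Constructed allowlist (placeholder host, not from the advisory).
ALLOWED_HOSTS = {"api.example.com"}


def naive_check(url: str) -> bool:
    """A typical weak filter: the expected host merely has to appear in the authority."""
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and "api.example.com" in parts.netloc


def strict_check(url: str, allowed_hosts=ALLOWED_HOSTS) -> Tuple[bool, str]:
    """Accept only scheme://<allowlisted host>[:80|443]/... with no userinfo."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    # The userinfo part ("user:pass@") is where the "@" bypass lives: a substring
    # filter sees the expected host before the "@", but the connection goes to
    # whatever hostname follows it. Outbound requests never need credentials in
    # the URL, so reject the component entirely instead of trying to parse it.
    if "@" in parts.netloc:
        return False, "userinfo not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if host.lower() not in allowed_hosts:
        return False, f"host {host!r} not allowlisted"
    try:
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return False, "malformed port"
    if port not in (None, 80, 443):
        return False, "port not allowed"
    # Note: hostname allowlisting does not cover DNS rebinding; resolve and
    # re-check the address at connection time if that is in the threat model.
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("https://api.example.com/v1/scan",
                      "http://api.example.com@evil.example/v1/scan"):
        print(candidate, "naive:", naive_check(candidate), "strict:", strict_check(candidate))
```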

According to the report, the flaws reside in the following versions of Tenable.sc: 5.9.0, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, and 5.18.0. As noted at the beginning, cybersecurity experts found a total of 47 security flaws; the full reports can be consulted on Tenable's official platforms.

While these flaws can be exploited by unauthenticated remote actors, researchers have yet to detect evidence of attacks in real-world scenarios. However, the cybersecurity community points out that some known exploits could be functional for attacks related to these flaws.

In this regard, Tenable recommends upgrading to secure versions to mitigate the risk of exploitation. Security patches that address these flaws are now available. To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.