Operating System:

[WIN][UNIX/Linux]

Published:

17 May 2019

Protect yourself against future threats.

//Service

Sensitive Information Alert

Alert notification provided via email for sensitive material found online by our analyst team which specifically targets your organisation.

Read more
Resources > Security Bulletins > ASB-2019.0147 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0147
               Tenable Nessus Agent updates embedded OpenSSL
                                17 May 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Tenable Nessus Agent
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Access Privileged Data -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-1559  
Member content until: Sunday, June 16 2019
Reference:            ASB-2019.0088
                      ESB-2019.0799
                      ESB-2019.0620

OVERVIEW

        Tenable has released an update for Nessus Agent to address a
        vulnerability in the bundled version of OpenSSL. [1]


IMPACT

        Tenable Nessus Agent in versions prior to 7.4.0 contain an older
        version of OpenSSL which is affected by CVE-2019-1559. [1]


MITIGATION

        Tenable advises updating to Nessus Agent 7.4.0 or later. [1]


REFERENCES

        [1] Nessus Agent 7.4.0 Fixes One Third-party Vulnerability
            https://www.tenable.com/security/tns-2019-03

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXN5QymaOgq3Tt24GAQjrJRAAh4s2qtrVsnMVRJVSNAP/I0B1DTGG3o5e
wSkgi79l7FeGyF/eMaMju3rehOrPJN5WkdTY1/Mw2raP44zoglcYP4RURNv1NR0u
PxCH0RhQ8GjaTCoWtBHmPpSNbibvhi1dUTEF0f8EGkgchuIBCyJdcr9dokCX5myw
Dymu1XHk/b+1iPG6cwPwGMHZd8n57TBmKTj2eLHvXe66vBv8F8qMrrZSIgFh51T3
MKGWUaRJ1UM1twCE+EtSS99CaQszzEvOpaHAUlw7Qo3idxoELU6e7EO+DBWWnaMn
D+aIbBf4ByBe02AM2ImXOKiZ2GEncScomNZiz+vSQRCy7d8vgeYjXGf0Mj/xhoON
VZM7pvvawPry0HdNjqP8sNzBOpNS24odNOUXXyF43xy1wJ133NmrGjcopgg4fOPg
CQuK3QcE2DMFmYq41GPZWbnHr2N0M6c1jExL5c5pihuzE7wyqTEtHJN9o/N8ys6B
OqkwuELOigx6knDsiimO3bYubPKGNRZdKzUDQWJQytCECFtf4obaNecEr5t3wuwn
9QP/Rm7kVQYnvv7aOyEMVcdlawgNTYEAs9tiWt8Fz+U83JOdr/oV035FbPXaH9YE
zebwrHYZ/Sb6sOc7zj9NuMI+5D+tS2GpwA5mAHc0s2vPJQkuctgugw67/4AHntVv
xbRsFElaaQ8=
=NEZ5
-----END PGP SIGNATURE-----