Nessus and SecurityCenter are potentially impacted by several vulnerabilities in OpenSSL that were recently disclosed and fixed. Rather than spend the time needed for a full analysis of each issue, Tenable has opted to patch the included version of OpenSSL as a precaution.

CVE-2015-1788 - OpenSSL crypto/bn/bn_gf2m.c BN_GF2m_mod_inv() Function ECParameters Structure Binary Polynomial Field Parsing Infinite Loop Remote DoS
CVE-2015-1789 - OpenSSL crypto/x509/x509_vfy.c X509_cmp_time() Function ASN1_TIME String Handling Out-of-bounds Read Issue
CVE-2015-1790 - OpenSSL crypto/pkcs7/pk7_doit.c PKCS7_dataDecode() Function ASN.1-encoded PKCS#7 Blob Handling NULL Pointer Dereference Remote DoS
CVE-2015-1792 - OpenSSL signedData Message Unknown Hash Function Processing Infinite Loop Remote DoS
CVE-2014-8176 - OpenSSL DTLS Application Data Buffering Invalid Free Remote Memory Corruption

Upon further inspection, Nessus is not affected by CVE-2015-1790, CVE-2015-1792, or CVE-2014-8176.

Note that the CVSS score in this advisory reflects the highest risk of the issues included.

Please note that Tenable strongly recommends that Nessus and SecurityCenter be installed on a subnet that is not Internet-addressable.