Nessus has been found to contain four vulnerabilities. The first is in the third-party library, libexpat, and the other three are native to Nessus: CVE-2016-0718 - The Expat XML Parser (expat/libexpat) contains an overflow condition that is triggered as user-supplied input is not properly validated when handling malformed input documents. This may allow a remote attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (9.0 / 6.7 (AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)) CVE-2016-1000028 / Tenable ID 5198 - A stored cross-site scripting (XSS) issue that requires user-level authentication to the Nessus UI. [4.0 / 3.1 (AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C)] CVE-2016-1000029 / Tenable ID 5218 - A stored cross-site scripting (XSS) issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. [2.1 / 1.6 (AV:N/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C)] CVE-2016-1000029 / Tenable ID 5269 - A stored cross-site scripting (XSS) issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. [2.1 / 1.6 (AV:N/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C)] NO-CVE-YET / Tenable ID 5268 - A stored cross-site scripting (XSS) issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. [2.1 / 1.6 (AV:N/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C)] Note that the overall CVSSv2 score assigned to this advisory represents the libexpat issue. The XSS issues have individual scores for customers to better understand the risks. Nessus plugin nessus_tns_2016_11.nasl (92465) has been released to detect these issues. Please note that Tenable strongly recommends that Nessus be installed on a subnet that is not Internet addressable.
Vulmon