[R3] SecurityCenter 5.4 Fixes Multiple Third-party Library Vulnerabilities

Related Vulnerabilities: CVE-2016-4802, CVE-2016-0739, CVE-2016-0787

Synopsis

SecurityCenter uses third-party libraries to provide certain standardized functionality. Two of these libraries were found to contain vulnerabilities and were fixed upstream. Those fixes have been integrated despite there being no known exploitation scenarios related to SecurityCenter.

  1. cURL / libcurl DLL Hijacking Arbitrary Code Execution
  2. cURL / libcurl lib/timeval.c curlx_tvdiff() Function timeval Handling Integer Overflow Unspecified Issue
  3. libssh / libssh2 Insecure Diffie-Hellman Secret Key Generation MitM Spoofing
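
The following is an added illustration of the bug class named in item 2 (a timeval difference computed in milliseconds that can overflow); it is not curl's code and does not claim to reproduce the specific curlx_tvdiff() defect. It assumes a 32-bit result type (the width of `long` on 32-bit platforms, where a millisecond counter wraps after roughly 24.8 days), widens every intermediate step to 64 bits, and reports an interval that does not fit instead of wrapping. The function names tvdiff_ms32_checked and elapsed_ms_or_minus1 are hypothetical, and the code relies on the GCC/Clang __builtin_*_overflow builtins.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/time.h>

/* Added illustration, not curl's code. Computes (newer - older) in
 * milliseconds into a 32-bit result. Intermediate arithmetic is done in
 * 64 bits and every step is checked, so an interval that does not fit is
 * reported instead of silently wrapping. Uses GCC/Clang overflow builtins. */
bool tvdiff_ms32_checked(struct timeval newer, struct timeval older, int32_t *out_ms)
{
    int64_t sec, ms, usec_ms;

    /* Seconds difference, widened before subtracting so it cannot wrap. */
    if (__builtin_sub_overflow((int64_t)newer.tv_sec, (int64_t)older.tv_sec, &sec))
        return false;
    /* sec * 1000 is the step where a 32-bit accumulator wraps after ~24.8 days. */
    if (__builtin_mul_overflow(sec, (int64_t)1000, &ms))
        return false;
    /* tv_usec is 0..999999, so this term is bounded to +-999 ms. */
    usec_ms = ((int64_t)newer.tv_usec - (int64_t)older.tv_usec) / 1000;
    if (__builtin_add_overflow(ms, usec_ms, &ms))
        return false;
    /* Final narrowing check: the value must fit the 32-bit result type. */
    if (ms > INT32_MAX || ms < INT32_MIN)
        return false;
    *out_ms = (int32_t)ms;
    return true;
}

/* Convenience wrapper (hypothetical name) for the demonstrations below:
 * returns the checked elapsed time in ms, or -1 if it does not fit
 * (the constructed intervals here are all non-negative). */
int64_t elapsed_ms_or_minus1(long newer_sec, long newer_usec, long older_sec, long older_usec)
{
    struct timeval newer = { .tv_sec = (time_t)newer_sec, .tv_usec = (suseconds_t)newer_usec };
    struct timeval older = { .tv_sec = (time_t)older_sec, .tv_usec = (suseconds_t)older_usec };
    int32_t ms;
    return tvdiff_ms32_checked(newer, older, &ms) ? (int64_t)ms : -1;
}

int main(void)
{
    /* Constructed inputs: 20 days fits a 32-bit millisecond counter, 30 days does not. */
    printf("20 days + 500 ms: %lld ms\n",
           (long long)elapsed_ms_or_minus1(20 * 86400, 500000, 0, 0));
    printf("30 days: %lld (-1 means overflow detected)\n",
           (long long)elapsed_ms_or_minus1(30 * 86400, 0, 0, 0));
    return 0;
}
```

The defensive point is the explicit failure path: a caller that receives `false` can refuse the value (or fall back to a wider type) rather than act on a wrapped, possibly negative, elapsed time.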

Note that the CVSSv2 score associated with this advisory is specific to libcurl's integration in SecurityCenter and assumes a worst-case scenario despite the integer overflow not being proven to result in code execution. Further, Tenable strongly recommends that SecurityCenter be installed on a subnet that is not Internet addressable.

Solution

Tenable has released version 5.4 of SecurityCenter that addresses these issues. Upgrade information and a download can be obtained from:

http://static.tenable.com/prod_docs/upgrade_security_center.html