Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

[R1] OpenSSL Stand-alone Patch Available for SecurityCenter versions 5.0 or Later

Related Vulnerabilities: CVE-2017-3738   CVE-2018-0733   CVE-2018-0739  

SecurityCenter leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to provide a stand-alone OpenSSL patch to address the potential impact of these issues in SecurityCenter. This stand-alone patch updates OpenSSL to version 1.0.2o to address the identified vulnerabilities.

Source

Synopsis

SecurityCenter leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers.

Out of caution and in line with good practice, Tenable opted to provide a stand-alone OpenSSL patch to address the potential impact of these issues in SecurityCenter. This stand-alone patch updates OpenSSL to version 1.0.2o to address the identified vulnerabilities.

Solution

Tenable has provided a stand-alone patch to address these issues. The patch can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/securitycenter-3d-tool-and-xtool).

Steps to apply:

Note: If you are applying the patch to a Tenable appliance, you must enable SSH access as described in the Tenable Appliance User Guide. If you are running a Tenable appliance version earlier than 4.4.0, contact Support for assistance.

1. Download the appropriate patch to SecurityCenter or your appliance. The files can be placed anywhere, though /tmp is a good choice.
2. Untar the patch file: "tar zxf SC-201805.1-5.x.tgz"
3. Change the directory to the extracted directory: "cd SC-201805.1-5.x"
4. Run the install: "sh ./install.sh"

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started