[R1] TenableCore Web Application Scanner v20180702 Fixes Third-party Vulnerabilities

Related Vulnerabilities: CVE-2018-1111  

Synopsis

The TenableCore Web Application Scanner Image v20180328 was found to contain a command injection flaw in a script included in the bundled DHCP client (dhclient) package.

A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems where NetworkManager is configured to obtain network configuration using the DHCP protocol.

Solution

Tenable has released an updated TenableCore WAS Image (v20180702) to address this issue. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/tenable-io-was-scanner).