[R1] Nessus Versions 8.15.4 and 10.1.2 Fix One Third-Party Vulnerability (original) (raw)

Synopsis

Nessus leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and an updated version has been made available by the provider.

Out of caution and in line with best practice, Tenable has opted to upgrade OpenSSL to address the potential impact of the issue. Nessus 8.15.4 and Nessus 10.1.2 update OpenSSL to version 1.1.1n to address the identified vulnerability.

Solution

Tenable has released Nessus 8.15.4 and Nessus 10.1.2 to address these issues. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/nessus).

This page contains information regarding security vulnerabilities that may impact Tenable's products. This may include issues specific to our software, or due to the use of third-party libraries within our software. Tenable strongly encourages users to ensure that they upgrade or apply relevant patches in a timely manner.

Tenable takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you please work with us to quickly resolve it in order to protect customers. Tenable believes in responding quickly to such reports, maintaining communication with researchers, and providing a solution in short order.

For more details on submitting vulnerability information, please see our Vulnerability Reporting Guidelines page.

If you have questions or corrections about this advisory, please email[email protected]

>

Try for free

Buy now

100

Try for free

Buy now

Try for free

Buy now

Try for free

Buy now

With Advanced Support for Nessus Pro, your teams will have access to phone, Community, and chat support 24 hours a day, 365 days a year. This advanced level of technical support helps to ensure faster response times and resolution to your questions and issues.

Advanced Support Plan Features

Phone Support

Phone support 24 hours a day, 365 days a year, available for up to ten (10) named support contacts.

Chat Support

Chat support available to named support contacts, accessible via the Tenable Community is available 24 hours a day, 365 days a year.

Tenable Community Support Portal

All named support contacts can open support cases within the Tenable Community. Users can also access the Knowledge Base, documentation, license information, technical support numbers, etc.; utilize live chat, ask questions to the Community, and learn about tips and tricks from other Community members.

Initial Response Time

P1-Critical: < 2 hr
P2-High: < 4 hr
P3-Medium: < 12 hr
P4-Informational: < 24 hr

Support Contacts

Support contacts must be reasonably proficient in the use of information technology, the software they have purchased from Tenable, and familiar with the customer resources that are monitored by means of the software. Support contacts must speak English and conduct support requests in English. Support contacts must provide information reasonably requested by Tenable for the purpose of reproducing any Error or otherwise resolving a support request.