Platform
other
Component
tenable-security-center
Fixed in
6.4.0
CVE-2024-5759 describes an improper privilege management vulnerability within Tenable Security Center. This allows an authenticated, remote attacker to bypass access controls and perform actions they shouldn't be authorized to do, such as viewing sensitive data and initiating scans. The vulnerability impacts versions 0.0 through 6.4.0, and a fix is available in version 6.4.0.
The primary impact of CVE-2024-5759 is the potential for unauthorized access to sensitive data and the ability to perform actions without proper authorization within Tenable Security Center. An attacker could leverage this vulnerability to view confidential scan results, configuration details, or other sensitive information that they should not have access to. Furthermore, the ability to launch scans without authorization could be used for reconnaissance purposes, potentially identifying other vulnerabilities within the managed environment. This could lead to further exploitation and a broader compromise of the network.
CVE-2024-5759 was publicly disclosed on June 12, 2024. As of this writing, there is no indication of active exploitation in the wild, and the vulnerability is not currently listed in the CISA KEV catalog. Public proof-of-concept exploits are not yet available, but because exploitation requires nothing beyond an authenticated account, such exploits could be developed quickly.
Organizations heavily reliant on Tenable Security Center for vulnerability management and those with complex user permission structures are particularly at risk. Environments where user access controls are not rigorously enforced or where users have overly broad privileges are also more vulnerable to exploitation.
disclosure
Exploit status
EPSS
0.64% (70th percentile)
CISA SSVC
CVSS vector
The recommended mitigation for CVE-2024-5759 is to immediately upgrade Tenable Security Center to version 6.4.0 or later. If upgrading is not immediately feasible, consider implementing stricter access controls and privilege separation within Tenable Security Center to limit the potential impact of this vulnerability. Review user permissions and ensure that users only have the necessary privileges to perform their assigned tasks. While a direct workaround isn't available, regularly auditing user access and activity logs can help detect any suspicious behavior. After upgrading, confirm the fix by verifying that users without the appropriate privileges are unable to access restricted objects or launch scans.
Upgrade Tenable Security Center to version 6.4.0 or later. This update fixes the improper privilege management vulnerability. See the Tenable security advisory for more details on the update.
CVE-2024-5759 is a medium-severity vulnerability in Tenable Security Center allowing authenticated attackers to view unauthorized objects and launch scans without proper privileges.
If you are using Tenable Security Center versions 0.0 through 6.4.0, you are potentially affected by this vulnerability.
Upgrade Tenable Security Center to version 6.4.0 or later to remediate this vulnerability. Review and tighten user access controls as an interim measure.
As of now, there is no confirmed evidence of active exploitation in the wild, but the vulnerability's nature suggests potential for future exploitation.
Refer to the official Tenable Security Center advisory for detailed information and updates: [https://securitycenter.tenable.com/advisories/CVE-2024-5759/](https://securitycenter.tenable.com/advisories/CVE-2024-5759/)