Learn about CVE-2022-4313, a vulnerability in Tenable products that enables remote code execution by authenticated users. Find mitigation steps and affected versions.
A vulnerability was reported in Tenable products that allowed authenticated users to execute arbitrary commands on scan targets by manipulating scan variables.
Understanding CVE-2022-4313
This section provides insights into the impact, technical details, and mitigation strategies related to CVE-2022-4313.
What is CVE-2022-4313?
The vulnerability in Tenable products enabled authenticated users with Scan Policy Configuration roles to manipulate audit policy variables, leading to remote code execution.
The Impact of CVE-2022-4313
Exploitation of this vulnerability could let an attacker execute arbitrary commands on credentialed scan targets.
Technical Details of CVE-2022-4313
Below are the technical specifics of the CVE-2022-4313 vulnerability.
Vulnerability Description
By modifying scan variables, authenticated users could exploit audit policy variables to execute arbitrary commands on scan targets.
Affected Systems and Versions
Tenable.io, Tenable.sc, and Nessus versions up to Plugin Feed Version 202212081951 are affected by this vulnerability.
Exploitation Mechanism
Authenticated users with Scan Policy Configuration roles can abuse the vulnerability to execute commands on scan targets.
Mitigation and Prevention
Here are the steps to address and prevent exploitation of CVE-2022-4313.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Stay informed about security patches and updates released by Tenable to address CVE-2022-4313.