CVE-2024-5759
📋 TL;DR
An improper privilege management vulnerability in Tenable Security Center allows authenticated attackers to view unauthorized objects and launch scans without proper permissions. This affects organizations using Tenable Security Center with authenticated user accounts. Attackers can escalate privileges within the security management platform.
💻 Affected Systems
- Tenable Security Center
⚠️ Risk & Real-World Impact
Worst Case
Attackers could launch unauthorized network scans, potentially disrupting operations, and access sensitive vulnerability data about internal systems that should be restricted.
Likely Case
Malicious insiders or compromised accounts could perform unauthorized vulnerability scans and access security data beyond their assigned privileges.
If Mitigated
With proper access controls and monitoring, impact is limited to privilege escalation within the security platform itself.
🎯 Exploit Status
Exploitation requires authenticated access to the Tenable Security Center interface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Tenable TNS-2024-10 advisory for specific patched versions
Vendor Advisory: https://www.tenable.com/security/tns-2024-10
Restart Required: Yes
Instructions:
1. Review the Tenable TNS-2024-10 advisory
2. Download the appropriate patch from the Tenable support portal
3. Apply the patch following Tenable's upgrade procedures
4. Restart Tenable Security Center services
🔧 Temporary Workarounds
Restrict User Privileges
Minimize user permissions to only the functions each user needs and apply the principle of least privilege.
Enhanced Monitoring
Monitor audit logs for unusual scan activity or privilege escalation attempts.
🧯 If You Can't Patch
- Implement strict access controls and review all user permissions regularly
- Monitor audit logs for unauthorized scan activities and privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Compare the installed Tenable Security Center version against the patched versions listed in the TNS-2024-10 advisory
Check Version:
Read the version from the Tenable Security Center web interface or the admin console
Verify Fix Applied:
Confirm the version matches a patched version from TNS-2024-10, then test that users can no longer view objects or launch scans outside their assigned permissions
📡 Detection & Monitoring
Log Indicators:
- Unauthorized scan launches
- Users accessing objects outside their permission scope
- Privilege escalation attempts in audit logs
Network Indicators:
- Unexpected scan traffic from Tenable Security Center
- Scan activities outside normal patterns
SIEM Query:
source="tenable_security_center" AND (event_type="scan_launch" OR event_type="object_access") AND user_privilege="escalated"
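The log indicators above can be checked offline before a SIEM rule is written. The script below is an added example, not code from the page or from Tenable: it compares each audit record against a per-user permission model and flags scan launches by users whose role does not permit scanning, object accesses outside the user's permitted groups, and events from unknown accounts. The record fields (`user`, `event_type`, `object_group`, `object`) and the permission model are constructed assumptions for illustration, not Tenable's actual audit schema.

```python
"""Flag audit events that exceed a user's assigned permissions.

Added example for CVE-2024-5759 detection logic. The record format and the
permission model below are constructed for illustration and are NOT the real
Tenable Security Center audit schema; adapt the field names to your export.
"""
import json
from typing import Dict, List, Optional

# Constructed per-user permission model (assumption): which object groups a
# user may access and whether the user's role may launch scans.
USER_PERMISSIONS: Dict[str, Dict] = {
    "alice": {"groups": {"finance"}, "can_launch_scan": True},
    "bob": {"groups": {"hr"}, "can_launch_scan": False},
    "carol": {"groups": {"finance", "hr"}, "can_launch_scan": True},
}

# Constructed sample audit records (JSON lines), not real Tenable output.
SAMPLE_AUDIT_LOG = """\
{"ts": "2024-06-01T10:00:01Z", "user": "alice", "event_type": "object_access", "object_group": "finance", "object": "repo-42"}
{"ts": "2024-06-01T10:00:07Z", "user": "bob", "event_type": "scan_launch", "object_group": "hr", "object": "scan-7"}
{"ts": "2024-06-01T10:01:15Z", "user": "bob", "event_type": "object_access", "object_group": "finance", "object": "repo-42"}
{"ts": "2024-06-01T10:02:30Z", "user": "carol", "event_type": "scan_launch", "object_group": "finance", "object": "scan-9"}
{"ts": "2024-06-01T10:03:00Z", "user": "mallory", "event_type": "scan_launch", "object_group": "hr", "object": "scan-11"}
"""


def is_out_of_scope(record: Dict, permissions: Dict[str, Dict]) -> Optional[str]:
    """Return a reason string if the event exceeds the user's permissions, else None."""
    perms = permissions.get(record.get("user"))
    if perms is None:
        return "event from unknown user"
    if record.get("object_group") not in perms["groups"]:
        return "object outside permitted groups"
    if record.get("event_type") == "scan_launch" and not perms["can_launch_scan"]:
        return "scan launched without scan permission"
    return None


def find_violations(log_text: str, permissions: Dict[str, Dict] = USER_PERMISSIONS) -> List[Dict]:
    """Parse JSON-lines audit text and collect out-of-scope events.

    Unparseable lines are reported too: a detection that silently drops
    malformed records can be blinded by a single bad line.
    """
    findings: List[Dict] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            findings.append({"ts": None, "user": None, "event_type": None,
                             "object": None, "reason": "unparseable record", "raw": line})
            continue
        reason = is_out_of_scope(record, permissions)
        if reason:
            findings.append({
                "ts": record.get("ts"),
                "user": record.get("user"),
                "event_type": record.get("event_type"),
                "object": record.get("object"),
                "reason": reason,
            })
    return findings


if __name__ == "__main__":
    for finding in find_violations(SAMPLE_AUDIT_LOG):
        print(f"{finding['ts']} {finding['user']} {finding['event_type']} "
              f"{finding['object']}: {finding['reason']}")
```

Run against the constructed sample, the script reports three findings: bob launching a scan his role does not allow, bob reading a finance object outside his groups, and a scan launched by an account that is not in the permission model. The permission map is the part to keep current: it should be generated from the platform's actual role assignments, since a stale map produces both false positives and missed escalations.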