CVE-2025-36636
📋 TL;DR
This vulnerability allows authenticated users in Tenable Security Center to access resources beyond their assigned permissions. It affects all Tenable Security Center installations running versions before 6.7.0. The issue stems from improper access control mechanisms.
💻 Affected Systems
- Tenable Security Center
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An authenticated low-privilege user could access sensitive configuration data, vulnerability scan results, or administrative functions, potentially leading to data exposure or privilege escalation.
Likely Case
Users with standard accounts may inadvertently or intentionally access reports, assets, or configurations they shouldn't have permission to view, violating security boundaries.
If Mitigated
With proper network segmentation and strict user role management, the impact is limited to minor information disclosure within authorized user groups.
🎯 Exploit Status
Exploitation requires authenticated access. Attackers would need to understand the application's structure to identify unauthorized access paths.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.7.0
Vendor Advisory: https://docs.tenable.com/release-notes/Content/security-center/2025.htm#670
Restart Required: No
Instructions:
1. Download Tenable Security Center 6.7.0 from the Tenable support portal. 2. Follow the upgrade procedure documented in the Tenable Security Center Administration Guide. 3. Verify the upgrade completed successfully.
🔧 Temporary Workarounds
Strict Role-Based Access Control
allImplement minimal privilege principles by reviewing and tightening user roles and permissions.
Network Segmentation
allRestrict access to Tenable Security Center to only authorized management networks.
🧯 If You Can't Patch
- Implement strict network access controls to limit which users can reach the Tenable Security Center interface
- Conduct regular audits of user permissions and access logs to detect unauthorized access attempts
🔍 How to Verify
Check if Vulnerable:
Check the Tenable Security Center version via the web interface (Admin > System > Summary) or via SSH: cat /opt/sc/version.txtCheck Version:
cat /opt/sc/version.txtVerify Fix Applied:
Confirm the version is 6.7.0 or later and test user permissions by attempting to access resources outside assigned roles.📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to administrative pages by non-admin users
- Failed permission checks in application logs
- User accessing resources outside their typical scope
Network Indicators:
- HTTP requests to privileged endpoints from non-privileged user accounts
SIEM Query:
source="tenable_sc" AND (event_type="access_denied" OR uri_path="/admin/*" AND user_role!="admin")