First published: Mon Dec 09 2024
An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server.
Credit: vulnreport@tenable.com
Affected Software | Affected Version | How to fix |
---|---|---|
Tenable.sc |
Tenable has released Security Center 6.5.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: https://www.tenable.com/downloads/security-center
CVE-2024-12174 is classified as a high-severity vulnerability due to its potential to allow authenticated attackers to intercept sensitive email communications.
To fix CVE-2024-12174, update Tenable Security Center to the latest version where the improper certificate validation issue has been resolved.
The impact of CVE-2024-12174 includes the risk of sensitive email interception if a privileged attacker successfully connects a rogue SMTP server.
CVE-2024-12174 affects users of Tenable Security Center who have not updated their software to the version that addresses this vulnerability.
CVE-2024-12174 is not remotely exploitable as it requires authenticated, privileged access to the Tenable Security Center.