CVE-2024-1367 — Vulnetix

CVE-2024-1367 PUBLISHED CVSS 7.199999809265137 HIGH

A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host.

EPSS 5.10% · 90.0th percentile

Risk Scores

CVSS 3.1

7.199999809265137

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score

5.10%

90.0th percentile

Affected Products

Vendor	Product	Versions
Tenable	Security Center	0, 0
tenable	security_center	0, 0

Exploit Intelligence

CIRCL published-proof-of-concept: CVE-2024-1367 (circl-sighting)
CIRCL seen: CVE-2024-1367 (circl-sighting)
https://www.tenable.com/security/tns-2024-02 (circl)

Timeline

Feb 14, 2024 CVE Published
Feb 14, 2024 PoC Published
Feb 15, 2024 EPSS Score
Mar 13, 2024 EPSS Score
Apr 9, 2024 EPSS Score
Jun 2, 2024 EPSS Score
Jun 28, 2024 EPSS Score
Jul 25, 2024 EPSS Score
Aug 25, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 18, 2024 EPSS Score
Nov 9, 2024 Coalition ESS Score

References

https://www.tenable.com/security/tns-2024-02 url
https://www.tenable.com/security/tns-2024-06 advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-1367 advisory

Open in Interactive Console →