CVE-2017-11506

Summary

When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.

Affected Software

VendorProductVersion RangeStatus
TenableNessus6.x before 6.11affected

Weaknesses

  • Man-in-the-Middle

ADP Enrichment

CVE Program Container

Additional References

References