CVE-2024-1367: Command Injection Vulnerability in Tenable Security Center

7.2 CVSS

Description

A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host.

Classification

CVE ID: CVE-2024-1367

CVSS Base Severity: HIGH

CVSS Base Score: 7.2

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected Products

Vendor: Tenable

Product: Security Center

Exploit Prediction Scoring System (EPSS)

EPSS Score: 3.81% (probability of being exploited)

EPSS Percentile: 87.54% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-05-31 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: total

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-1367
https://www.tenable.com/security/tns-2024-02

Timeline