Privilege Escalation via Network Monitoring Flaws: A Growing Threat

Privilege Escalation via Network Monitoring Flaws: A Growing Threat

Tenable has released version 6.5.1 of its Network Monitor, a key passive vulnerability scanning solution, to address several high-severity vulnerabilities discovered in both its codebase and bundled third-party libraries.

The update comes after security researchers identified vulnerabilities in widely used components such as OpenSSL, expat, curl, libpcap, and libxml2, all of which provide essential underlying functionality for Tenable Network Monitor[R1].

To mitigate potential risks, Tenable has upgraded these libraries to their latest secure versions:

– Advertisement –
  • OpenSSL: Upgraded to version 3.0.16
  • expat: Upgraded to version 2.7.0
  • curl: Upgraded to version 8.12.0
  • libpcap: Upgraded to version 1.10.5
  • libxml2: Upgraded to version 2.13.8

These updates address known vulnerabilities that could otherwise be exploited to compromise system integrity or confidentiality.

Notably, the new release also supports modern cryptographic ciphers and removes support for outdated ones like AES128-SHA and AES256-SHA, further strengthening the product’s security posture.

Two Local Privilege Escalation Vulnerabilities Fixed

Beyond third-party library updates, Tenable Network Monitor 6.5.1 resolves two critical local privilege escalation vulnerabilities, both rated as high severity and tracked as CVE-2025-24916 and CVE-2025-24917.

  • CVE-2025-24916: This vulnerability affected installations of Tenable Network Monitor on Windows systems when deployed to non-default locations.
  • Before version 6.5.1, the installer did not enforce secure permissions on sub-directories, potentially allowing unauthorized users to escalate privileges if the directories were not manually secured.
  • The risk included unauthorized access and possible system compromise. “The vulnerability is due to the lack of enforced secure permissions for sub-directories during installation.
  • The risks include potential local privilege escalation that could compromise system security.”
  • CVE-2025-24917: In versions before 6.5.1, a non-administrative user could stage malicious files in a local directory, leading to arbitrary code execution with SYSTEM privileges.
  • This flaw could be exploited to gain unauthorized control over the affected system.
  • “A non-administrative user can exploit CVE-2025-24917 to run arbitrary code with SYSTEM privileges.
  • If exploited, this could lead to unauthorized access and control over the system by allowing local privilege escalation.”

Both vulnerabilities have been fully addressed in version 6.5.1, with Tenable strongly urging all users to upgrade immediately to mitigate these risks.

Technical Deployment and Best Practices

Tenable Network Monitor operates by passively analyzing network traffic at the packet layer, providing continuous visibility into both managed and unmanaged assets.

It supports real-time detection of vulnerabilities, compromised systems, and unauthorized data flows, making it a critical tool for organizations seeking to maintain compliance and robust network security

Installation and Upgrade Guidance:

  • The updated installation files for version 6.5.1 are available via the Tenable Downloads Portal.
  • For Windows deployments, administrators should ensure the installer is run with appropriate permissions and verify that secure Access Control Lists (ACLs) are enforced on all installation directories.
  • Supported platforms include Red Hat Linux (various versions), Oracle Linux (in RHCK mode), and Microsoft Windows (10, Server 2012/2016/2019/2022, all 64-bit).

Sample Command for Linux Deployment:

bash# service nnm start

After installation, users can access the web interface at:

texthttps://:8835

to complete the setup and begin monitoring.

Tenable emphasizes the importance of timely patching and encourages users to report any discovered vulnerabilities through its coordinated disclosure process, reinforcing its commitment to product security and customer protection.

Tenable Network Monitor 6.5.1 is a critical security update that addresses serious vulnerabilities in both bundled third-party libraries and the product’s installation routines.

Organizations are urged to upgrade immediately to maintain a secure network monitoring environment and prevent local privilege escalation attacks.

Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!


Source link