Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN521
_____________________________________________________________________

DATE                : 19/05/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Tenable Network Monitor versions
                               prior to 6.5.4.

=====================================================================
https://www.tenable.com/security/tns-2026-14
_____________________________________________________________________


Synopsis

Tenable Network Monitor leverages third-party software to help provide
underlying functionality. Several of the third-party components
(OpenSSL, curl, sqlite3, handlebars, expat, and dpdk) were found to
contain vulnerabilities, and updated versions have been made
available by the providers.

Out of caution and in line with best practice, Tenable has opted to
upgrade these components to address the potential impact of the
issues. Tenable Network Monitor 6.5.4 updates OpenSSL to version
3.0.20, curl to version 8.18.0, sqlite3 to 3.49.1, handlebars to
4.7.9, expat to 2.7.5, and dpdk to 25.07 to address the identified
vulnerabilities.


Solution

Tenable has released Tenable Network Monitor 6.5.4 to address these
issues. The installation files can be obtained from the Tenable
Downloads Portal
(https://www.tenable.com/downloads/tenable-network-monitor).


Additional References
https://docs.tenable.com/release-notes/Content/network-monitor/2026.htm

This page contains information regarding security vulnerabilities
that may impact Tenable's products. This may include issues specific
to our software, or due to the use of third-party libraries within
our software. Tenable strongly encourages users to ensure that
they upgrade or apply relevant patches in a timely manner.

Tenable takes product security very seriously. If you believe you have
found a vulnerability in one of our products, we ask that you please
work with us to quickly resolve it in order to protect customers.
Tenable believes in responding quickly to such reports, maintaining
communication with researchers, and providing a solution in short
order.

For more details on submitting vulnerability information, please see
our Vulnerability Reporting Guidelines page.

If you have questions or corrections about this advisory, please
email [email protected]


Risk Information

CVE ID: CVE-2024-11614
CVE-2025-3277
CVE-2025-13034
CVE-2025-14017
CVE-2025-14524
CVE-2025-14819
CVE-2025-15079
CVE-2025-15224
CVE-2025-29087
CVE-2025-29088
CVE-2026-33937
CVE-2026-33941
CVE-2026-33938
CVE-2026-33940
CVE-2026-33939
CVE-2026-33916
CVE-2026-32776
CVE-2026-32777
CVE-2026-32778
Tenable Advisory ID: TNS-2026-14
Risk Factor: Critical

CVSSv3 Base / Temporal Score:
7.4 / 6.4 (CVE-2024-11614)
9.1 / 7.9 (CVE-2025-3277)
5.9 / 5.2 (CVE-2025-13034)
6.3 / 5.5 (CVE-2025-14017)
5.3 / 4.6 (CVE-2025-14524)
5.3 / 4.6 (CVE-2025-14819)
5.3 / 4.6 (CVE-2025-15079)
3.1 / 2.7 (CVE-2025-15224)
7.5 / 6.5 (CVE-2025-29087)
5.5 / 4.8 (CVE-2025-29088)
9.1 / 7.9 (CVE-2026-33937)
8.2 / 7.1 (CVE-2026-33941)
8.1 / 7.1 (CVE-2026-33938)
8.1 / 7.1 (CVE-2026-33940)
7.5 / 6.5 (CVE-2026-33939)
7.5 / 6.5 (CVE-2026-33916)
5.5 / 4.8 (CVE-2026-32776)
5.5 / 4.8 (CVE-2026-32777)
5.5 / 4.8 (CVE-2026-32778)
CVSSv3 Vector:
AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C (CVE-2024-11614)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C (CVE-2025-3277)
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C (CVE-2025-13034)
AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C (CVE-2025-14017)
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C (CVE-2025-14524)
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C (CVE-2025-14819)
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C (CVE-2025-15079)
AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C (CVE-2025-15224)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C (CVE-2025-29087)
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C (CVE-2025-29088)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C (CVE-2026-33937)
AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C (CVE-2026-33941)
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C (CVE-2026-33938)
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C (CVE-2026-33940)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C (CVE-2026-33939)
AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C (CVE-2026-33916)
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C (CVE-2026-32776)
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C (CVE-2026-32777)
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C (CVE-2026-32778)


Affected Products
Tenable Network Monitor 6.5.3 and earlier


Advisory Timeline
2026-05-14 - [R1] Initial Release
2026-05-15 - [R2] Updated for additional packages
> 

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================