Tenable Scan showing Vulnerability for Linux Agent

Our Tenable security scanner is alerting regarding these files on our Linux servers with the Site24x7 agent installed:

Running Linux agent version 19.4.0

Are these libraries necessary? Can they be removed or updated to stop getting flagged by our security scanner?

 

  • Path : /opt/site24x7/monagent/lib/applog/libcrypto.so.1.0.0
    • Reported version : 1.0.1k
    • Fixed version : 1.0.1t
  • Path : /opt/site24x7/monagent/lib/applog/libssl.so.1.0.0
    • Reported version : 1.0.1k
    • Fixed version : 1.0.1t
  • Path : /opt/site24x7/monagent/lib/libcrypto.so.1.0.0
    • Reported version : 1.0.1k
    • Fixed version : 1.0.1t
  • Path : /opt/site24x7/monagent/lib/libssl.so.1.0.0
    • Reported version : 1.0.1k
    • Fixed version : 1.0.1t

Hello Dan!

Hope you are doing well.

We are aware of our Linux agents being alerted in Tenable and also acknowledge that these libraries are necessary for the smooth working of our server monitoring agents. While we are working on our upgraded version of the agent, let us explain why our Site24x7 server monitoring agents are not affected by this vulnerability.

In the machines where the Site24x7 agents are installed, the agents do not open any ports for external connections, and communication is initiated only in the outbound direction (from the agent to our server, i.e., plus.site24x7.com). Therefore, the risk of an attacker exploiting specific vulnerabilities in OpenSSL 1.0.1k directly on the agent is not possible.

No open ports for inbound connections: The Site24x7 agent does not have any open port for inbound connections, and external attackers cannot directly connect to it. This configuration significantly reduces the attack surface.

Vulnerabilities: The vulnerabilities in OpenSSL version 1.0.1k typically require the attacker to establish a connection with the Site24x7 agent or to send crafted requests. Since our agent does not accept any incoming connections, it completely mitigates the risk of such direct attacks.

However, we will upgrade this vulnerable OpenSSL version in our next agent release. It has already been taken up as our highest priority and is in the process of completion. Once we have the agent ready for deployment, we will let you know immediately as a response in this thread and also through our release notes document.

Have a wonderful day ahead!

- Team Site24x7
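
One way to check, on a given host, the reply's statement that the agent holds no inbound listeners. This is an added example, not Site24x7 or Tenable code: it reads `/proc` for TCP sockets in LISTEN state owned by processes tied to `/opt/site24x7/monagent`. Attributing a process to the agent by its executable path or command line is an assumption, and UDP is not covered.

```python
import os
import re
from pathlib import Path

AGENT_DIR = "/opt/site24x7/monagent"  # install path from the scan report

def safe(fn, path, default):
    """Call fn(path); give default if the /proc entry vanished or is unreadable."""
    try:
        return fn(path)
    except OSError:
        return default

def listening_inodes(table):
    """Parse /proc/net/tcp or tcp6 text into {inode: port} for LISTEN rows."""
    found = {}
    for row in table.splitlines()[1:]:  # first line is the column header
        f = row.split()
        if len(f) >= 10 and f[3] == "0A":  # st column: 0A = TCP_LISTEN
            found[f[9]] = int(f[1].rsplit(":", 1)[1], 16)
    return found

def agent_listeners(proc_root="/proc", agent_dir=AGENT_DIR):
    """Sorted [(pid, port)] for TCP listeners held by agent processes."""
    root, listen, hits = Path(proc_root), {}, set()
    for name in ("net/tcp", "net/tcp6"):
        listen.update(listening_inodes(safe(Path.read_text, root / name, "")))
    for pid in filter(str.isdigit, os.listdir(root)):
        exe = safe(os.readlink, root / pid / "exe", "")
        cmd = safe(Path.read_bytes, root / pid / "cmdline", b"")
        # Assumption: an agent process names the install dir in exe or cmdline.
        if agent_dir not in exe and agent_dir.encode() not in cmd:
            continue
        for fd in safe(os.listdir, root / pid / "fd", []):
            target = safe(os.readlink, root / pid / "fd" / fd, "")
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m and m.group(1) in listen:
                hits.add((int(pid), listen[m.group(1)]))
    return sorted(hits)

if __name__ == "__main__":
    found = agent_listeners()
    for pid, port in found:
        print(f"agent pid {pid} holds a listening TCP socket on port {port}")
    if not found:
        print("no listening TCP sockets held by processes under", AGENT_DIR)
```

Run it as root so every process's `fd` directory is readable; an empty result only describes the network namespace the script runs in.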
