
Tenable Scan showing Vulnerability for Linux Agent

Our Tenable security scanner is alerting regarding these files on our linux servers with the site24x7 agent installed:

Running Linux agent version 19.4.0

Are these libraries necessary? Can they be removed or updated to stop getting flagged by our security scanner?

  • Path : /opt/site24x7/monagent/lib/applog/libcrypto.so.1.0.0
    • Reported version : 1.0.1k
    • Fixed version : 1.0.1t
  • Path : /opt/site24x7/monagent/lib/applog/libssl.so.1.0.0
    • Reported version : 1.0.1k
    • Fixed version : 1.0.1t
  • Path : /opt/site24x7/monagent/lib/libcrypto.so.1.0.0
    • Reported version : 1.0.1k
    • Fixed version : 1.0.1t
  • Path : /opt/site24x7/monagent/lib/libssl.so.1.0.0
    • Reported version : 1.0.1k
    • Fixed version : 1.0.1t
Replies (2)

Hello Dan!

Hope you are doing well.

We are aware of our Linux agents being alerted in Tenable and also acknowledge that these libraries are necessary for the smooth working of our server monitoring agents. While we are working on our upgraded version of the agent, let us explain why our Site24x7 server monitoring agents are not affected by this vulnerability.

In the machines where the site24x7 agents are installed, the agents do not open any ports for external connections, and communication is initiated only in the outbound direction (from the agent to our server i.e., plus.site24x7.com). Therefore, the risk of an attacker exploiting specific vulnerabilities in OpenSSL 1.0.1k directly on the agent is not possible.

No open ports for inbound connections: The site24x7 agent does not have any open port for inbound connections and external attackers cannot directly connect to it. This configuration significantly reduces the attack surface.

Vulnerabilities: The vulnerabilities in OpenSSL version 1.0.1k typically require the attacker to establish a connection with the site24x7 agent or to send crafted requests. Since our agent does not accept any incoming connections, it completely mitigates the risk of such direct attacks.

However, we will upgrade this vulnerable OpenSSL version in our next agent release. It has already been taken up as our highest priority and is in the process of completion. Once we have the agent ready for deployment, we will let you know immediately as a response in this thread and also through our release notes document.

Have a wonderful day ahead!

- Team Site24x7


Hello Dan,

We appreciate you being proactive and reaching out regarding the recent OpenSSL 1.0.1k vulnerability concern. Though our agent was not affected, we proactively moved this to our highest priority.

We are pleased to inform you that our product team has addressed this issue, and the latest version of the Linux server monitoring agent is now available for upgrade. This new version, version 19.7.0, includes an upgrade to OpenSSL 3.2.0, completely secure from the vulnerabilities reported in previous versions.

The upgrade via the web interface will be opened shortly, but if you would like the upgraded agent immediately, contact our support team to trigger the upgrades for your Linux server monitors.

Thank you for your continued trust and support.

With you in your journey to keep your IT infrastructure safe,
Site24x7 Team
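An added check (my own example, not code from Site24x7 or Tenable) that reproduces what the scanner is reporting: it reads the "OpenSSL x.y.zL" banner embedded in a libcrypto/libssl file, compares it with the 1.0.1t fixed version using the letter-suffix ordering the 1.0.x series used, and can be pointed at the real paths after the 19.7.0 upgrade to confirm the bundled copies now report 3.2.0. The file contents below are constructed stand-ins and the third path is a placeholder; that the scanner keys off this banner is an assumption.

```python
import re

# Constructed stand-ins for the flagged files; real libcrypto/libssl
# binaries embed a banner of the form "OpenSSL 1.0.1k 8 Jan 2015".
SAMPLE_LIBS = {
    "/opt/site24x7/monagent/lib/libcrypto.so.1.0.0":
        b"\x7fELF\x02\x01\x01...OpenSSL 1.0.1k 8 Jan 2015\x00...",
    "/opt/site24x7/monagent/lib/applog/libssl.so.1.0.0":
        b"\x7fELF\x02\x01\x01...OpenSSL 1.0.1k 8 Jan 2015\x00...",
    "/placeholder/upgraded-agent/libssl.so.3":   # constructed, post-upgrade
        b"\x7fELF\x02\x01\x01...OpenSSL 3.2.0 23 Nov 2023\x00...",
}

BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*)")


def embedded_openssl_version(blob: bytes):
    """Return the version from the embedded OpenSSL banner, or None."""
    m = BANNER.search(blob)
    return m.group(1).decode() if m else None


def version_key(v: str):
    """'1.0.1k' -> (1, 0, 1, 'k'); '3.2.0' -> (3, 2, 0, '')."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", v)
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {v}")
    return (int(m[1]), int(m[2]), int(m[3]), m[4])


def is_below(found: str, fixed: str) -> bool:
    # Letter suffixes sort lexically within a release line (k < t),
    # and a bare "1.0.1" predates "1.0.1a".
    return version_key(found) < version_key(fixed)


def audit(libs: dict, fixed: str = "1.0.1t"):
    """Map path -> (version, flagged). Unreadable banners are flagged."""
    results = {}
    for path, blob in libs.items():
        v = embedded_openssl_version(blob)
        results[path] = (v, v is None or is_below(v, fixed))
    return results


def read_real_libs(paths):
    """On a live host, load the actual files into the same dict shape."""
    return {p: open(p, "rb").read() for p in paths}


if __name__ == "__main__":
    for path, (v, flagged) in audit(SAMPLE_LIBS).items():
        print(f"{'FLAG' if flagged else 'ok  '} {path}: OpenSSL {v}")
```

Run it on a live host with `audit(read_real_libs([...paths from the scan...]))`; a library that still reports a version below 1.0.1t after the upgrade is one the new agent did not replace.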