CVE-2026-4433

An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host.

CVSS

No CVSS.

References

Link	Resource
https://www.tenable.com/security/tns-2026-9

Configurations

No configuration.

History

25 Mar 2026, 15:41

Type	Values Removed	Values Added
Summary		(es) Existe una mala configuración de SSH en Tenable OT que llevó a la posible exfiltración de información de sockets, puertos y servicios a través del usuario ostunnel y GatewayPorts. Esto podría usarse para potencialmente recopilar información sobre el sistema subyacente y proporcionar a un atacante información que podría usarse para intentar comprometer el host.

24 Mar 2026, 21:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-24 21:16

Updated : 2026-03-25 15:41

NVD link : CVE-2026-4433

Mitre link : CVE-2026-4433

CVE.ORG link : CVE-2026-4433

JSON object : View

Products Affected

No product.

CWE

CWE-16

Configuration

{"id": "CVE-2026-4433", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "vulnreport@tenable.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-24T21:16:29.687", "references": [{"url": "https://www.tenable.com/security/tns-2026-9", "source": "vulnreport@tenable.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "vulnreport@tenable.com", "description": [{"lang": "en", "value": "CWE-16"}]}], "descriptions": [{"lang": "en", "value": "An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host."}, {"lang": "es", "value": "Existe una mala configuraci\u00f3n de SSH en Tenable OT que llev\u00f3 a la posible exfiltraci\u00f3n de informaci\u00f3n de sockets, puertos y servicios a trav\u00e9s del usuario ostunnel y GatewayPorts. Esto podr\u00eda usarse para potencialmente recopilar informaci\u00f3n sobre el sistema subyacente y proporcionar a un atacante informaci\u00f3n que podr\u00eda usarse para intentar comprometer el host."}], "lastModified": "2026-03-25T15:41:58.280", "sourceIdentifier": "vulnreport@tenable.com"}