Skip to main content

Tenable Operation Technology EUVDEUVD-2026-15025

| CVE-2026-4433 LOW
Configuration (CWE-16)
2026-03-24 tenable GHSA-r3v4-cfx9-jmvv
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
A
Scope
X

Lifecycle Timeline

5
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
4.8 (MEDIUM) 1.9 (LOW)
EUVD ID Assigned
Mar 24, 2026 - 20:31 euvd
EUVD-2026-15025
Analysis Generated
Mar 24, 2026 - 20:31 vuln.today
CVE Published
Mar 24, 2026 - 20:26 nvd
MEDIUM 4.8

DescriptionCVE.org

An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host.

AnalysisAI

Tenable OT contains an SSH misconfiguration that permits unauthorized disclosure of socket, port, and service information through the ostunnel user account and improper GatewayPorts settings. This vulnerability affects Tenable Operation Technology across multiple versions and allows attackers to enumerate underlying system architecture and network configuration without requiring high privileges or complex exploitation. While no CVSS score, EPSS data, or confirmed active exploitation is publicly documented, the information disclosure nature of this vulnerability enables reconnaissance for subsequent targeted attacks.

Technical ContextAI

This vulnerability stems from CWE-16 (Configuration), specifically improper SSH daemon configuration in Tenable OT's ostunnel user context. SSH GatewayPorts setting, when enabled, permits remote clients to bind to forwarded ports on the SSH server, and combined with misconfigured ostunnel user permissions, allows enumeration of listening sockets, network ports, and service details. The affected product is identified via CPE cpe:2.3:a:tenable,_inc.:tenable_operation_technology:*:*:*:*:*:*:*:*, indicating all versions of Tenable Operation Technology are potentially in scope. The root cause is insufficient access controls and SSH hardening around service account permissions, allowing information leakage that violates the principle of least privilege and information minimization.

RemediationAI

Immediately review and harden SSH configuration on all Tenable OT deployments by disabling SSH GatewayPorts unless explicitly required, restricting ostunnel user permissions to the minimum necessary scope, and enforcing SSH key-based authentication with strong access controls. Consult the Tenable security advisory at https://www.tenable.com/security/tns-2026-9 for vendor-recommended patches and configuration changes. Until patches are available, implement network segmentation to restrict SSH access to Tenable OT systems from trusted administrator networks only, enforce SSH connection logging and monitoring to detect reconnaissance attempts, and disable the ostunnel user if not actively required for operations.

Share

EUVD-2026-15025 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy