Description
An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host.
Published: 2026-03-24
Score: 1.9 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure via SSH misconfiguration
Action: Apply Patch
AI Analysis

Impact

A misconfiguration in the SSH configuration of Tenable OT exposes socket, port, and service information through the ostunnel user and GatewayPorts settings. This flaw allows an attacker to exfiltrate details about the underlying system, potentially aiding further compromise attempts. The vulnerability is a configuration error that can reveal critical system data.

Affected Systems

The affected product is Tenable OT Security and Tenable OT Security Enterprise Manager, part of Tenable Operation Technology. Specific software versions are not listed, indicating that the issue applies to the currently deployed products as well as new installations when using the supplied ISO.

Risk and Exploitability

The CVSS score of 1.9 denotes low severity, and EPSS data is not available. As Tenable has not listed this vulnerability in the CISA KEV catalog, no known exploits are publicly documented. The likely attack vector is remote, requiring an attacker to gain SSH access to the system; the misconfiguration can then be exploited to obtain service information. Given the low severity score but potential for gathering credentials or system insight, the overall risk is moderate until a patch is applied.

Generated by OpenCVE AI on March 24, 2026 at 21:36 UTC.

Remediation

Vendor Solution

Tenable has released Tenable OT Security and Tenable OT Security Enterprise Manager ISOs that contains the fix for new installations of the product. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/tenable-appliance). Tenable has released the patch to address this issue within the currently deployed products.

OpenCVE Recommended Actions

  • Download the latest Tenable OT Security ISO from the Tenable Downloads Portal and use it for new installations. For existing deployments, apply the vendor-released patch to correct the SSH configuration. Verify that GatewayPorts is set to "no" and that the ostunnel user is appropriately restricted after applying the fix. Monitor SSH logs for abnormal activity to ensure the mitigation remains effective.

Generated by OpenCVE AI on March 24, 2026 at 21:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title SSH Misconfiguration Enabling Exfiltration of Service Information in Tenable OT

Wed, 25 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Tenable
Tenable tenable Operation Technology
Vendors & Products Tenable
Tenable tenable Operation Technology

Tue, 24 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Description An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host.
Weaknesses CWE-16
References
Metrics cvssV4_0

{'score': 1.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Tenable Tenable Operation Technology
cve-icon MITRE

Status: PUBLISHED

Assigner: tenable

Published:

Updated: 2026-03-25T14:27:17.139Z

Reserved: 2026-03-19T16:38:57.418Z

Link: CVE-2026-4433

cve-icon Vulnrichment

Updated: 2026-03-25T14:23:37.008Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-24T21:16:29.687

Modified: 2026-03-25T15:41:58.280

Link: CVE-2026-4433

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T20:57:23Z

Weaknesses