Vulnerability Details

A description of the Tenable plugin that identified the vulnerability detected in the finding.

A brief summary of how you can remediate the vulnerability detected in the finding. Only appears if an official solution is available.

Information about the affected asset, including:

• Asset ID — The UUID of the asset where a scan detected the vulnerability.
• Name — The name of the asset where a scan detected the vulnerability. This value is unique to Tenable Vulnerability Management.

• IPV4 Address — The IPv4 address for the affected asset.

• IPV6 Address — The IPv6 address for the affected asset.

• Operating System — The operating system that the scan identified as installed on the affected asset.

• System Type — The type of operating system that the scan identified as installed on the affected asset.

• Network — The name of the network object associated with scanners that identified the asset. The default name is Default. For more information, see Networks.

• Public — Specifies whether the asset is available on a public network. A public asset is within the public IP space and identified by the is_public attribute in the Tenable Vulnerability Management query namespace.

Information about the scan that detected the vulnerability, including:

• First Seen — The date when a scan first found the vulnerability on an asset.

• Last Seen — The date when a scan last found the vulnerability on an asset.

• Last Licensed Scan — The date and time of the last scan in which the asset was considered "licensed" and counted towards Tenable's license limit. A licensed scan uses non-discovery plugins and can identify vulnerabilities. Unauthenticated scans that run non-discovery plugins update the Last Licensed Scan field, but not the Last Authenticated Scan field. For more information on licensed assets, see Tenable Vulnerability Management Licenses.

• Last Authenticated Scan — The date and time of the last authenticated scan run against the asset. An authenticated scan that only uses discovery plugins updates the Last Authenticated Scan field, but not the Last Licensed Scan field.

• Source — The source of the scan that detected the vulnerability on the affected asset.

• Scan Origin — The scanner that detected the finding. It also helps identify whether the scan is a work-load scan. Possible values are: Tenable Vulnerability Management, Tenable Security Center, and Agentless Assessment.

Additional information about the vulnerability findings, including:

• Network —The name of the network object associated with scanners that identified the finding. The default network name is Default. For more information, see Networks.

• DNS (FQDN) — The fully qualified domain name of the host on which the vulnerability identified in the finding was detected.

• MAC Address — The static Media Access Control (MAC) address for the affected asset.

• Tenable ID — The unique identifier for the Tenable account associated with the affected asset.

• Installed Software — Software that a scan identified on the affected asset.

• SSH Fingerprint — The SSH key fingerprints that scans have associated with the asset record.

(Requires Tenable Lumin license) Rates the criticality of an asset to the organization from 1 to 10. A higher value means the asset is more crucial to the business. For more information, see Tenable Lumin Metrics.

Information about the vulnerability that the plugin identified, including:

• Severity — The severity of the vulnerability on the finding.

• Original Severity — The vulnerability's CVSS-based severity from when a scan first detected the finding.

• Vuln Published — The oldest date on which the vulnerability was either documented in an advisory or published in the National Vulnerability Database (NVD).

• Exploitability — Characteristics of the vulnerability that factor into its potential exploitability.
• Exploitability Ease — A description of how easy it is to exploit the vulnerability.

• Exploited With — The most common ways that the vulnerability may be exploited.

• Exploited by Malware — Indicates whether the vulnerability is known to be exploited by malware.

• Exploited by Nessus — Indicates whether Tenable Nessus exploited the vulnerability during the identification process.

• In the News — Indicates whether this plugin has received media attention (for example, ShellShock, Meltdown).

• Last Fixed — The last time a previously detected vulnerability was scanned and noted as no longer present on an asset.

• Malware — Indicates whether the plugin that identified the vulnerability checks for malware.

• Time Taken to Fix — How long it took your organization to fix a vulnerability identified on a scan, in hours or days. Only appears for Fixed vulnerabilities. Use this filter along with the State filter set to Fixed for more accurate results.

• Unsupported by Vendor — Software found by this plugin is unsupported by the software's vendor (for example, Windows 95 or Firefox 3).

• Patch Published — Displays when a patch has been published for a vulnerability.
• Port — The port that the scanner used to connect to the asset where the scan detected the vulnerability.

• Protocol — The protocol the scanner used to communicate with the asset where the scan detected the vulnerability.

• Live Result — Indicates whether the scan result is based on live results. In Agentless Assessment, you can use live results to view scan results for new plugins based on the most recently collected snapshot data, without running a new scan. The possible values are Yes or No. For more information, see Live Results for Agentless Assessment.

• CPE — The Common Platform Enumeration (CPE) numbers for vulnerabilities that the plugin identifies.

• Asset Inventory — This plugin is an Asset Inventorynventory plugin.

• Default Account — Any default credentials or accounts.

Information about when Tenable Vulnerability Management first discovered the vulnerability, including:

• First Seen — The date when a scan first found the vulnerability on an asset.

• Last Seen — The date when a scan last found the vulnerability on an asset.

• Age — The number of days since a scan first found the vulnerability on an asset in your network.

Information about the key drivers Tenable uses to calculate a VPR for the vulnerability, including:

• Threat Recency — The number of days (0-730) since a threat event occurred for the vulnerability.

• Threat Intensity — The relative intensity based on the number and frequency of recently observed threat events related to this vulnerability: Very Low, Low, Medium, High, or Very High.

• Exploit Code Maturity — The relative maturity of a possible exploit for the vulnerability based on the existence, sophistication, and prevalence of exploit intelligence from internal and external sources (for example, Reversinglabs, Exploit-db, Metasploit, etc.). The possible values (High, Functional, PoC, or Unproven) parallel the CVSS Exploit Code Maturity categories.

• Age of Vuln — The number of days since the National Vulnerability Database (NVD) published the vulnerability.

• Product Coverage — The relative number of unique products affected by the vulnerability: Low, Medium, High, or Very High.

• CVSS3 Impact Score — The NVD-provided CVSSv3 impact score for the vulnerability. If the NVD did not provide a score, Tenable Vulnerability Management shows a Tenable-predicted score.

• Threat Sources — A list of all sources (for example, social media channels, the dark web, etc.) where threat events related to this vulnerability occurred. If the system did not observe a related threat event in the past 28 days, the system shows No recorded events.

Information about the plugin that detected the vulnerability, including:

• Publication Date — The date on which the plugin that identified the vulnerability was published.

• Modification Date — The date on which the plugin was last modified.

• Family — The family of the plugin that identified the vulnerability.

• Type — The general type of plugin check (for example, local or remote).

• Version — The version of the plugin that identified the vulnerability.

• Plugin ID — The ID of the plugin that identified the vulnerability.

Information about the relative risk that the vulnerability presents to the affected asset, including:

• Risk Factor — The CVSS-based risk factor associated with the plugin.

• CVSSV3 Base Score — Intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments.

• CVSSV3 Temporal Score — Characteristics of a vulnerability that change over time.

• CVSSV3 Vector — More CVSSv3 metrics for the vulnerability.

• CVSSV2 Base Score — Intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments.

• CVSSV2 Temporal Score — A score that denotes characteristics of a vulnerability that change over time, but not among user environments.

• CVSSV2 Vector — More CVSSv2 metrics for the vulnerability.

• STIG Severity — A vulnerability's severity rating based on the Department of Defense's Security Technical Implementation Guide (STIG).

Industry resources that provide additional information about the vulnerability.

In the upper-right corner, click the Actions button to view a drop-down where you can:

• Export — Export to CSV or JSON, as described in Export from Explore Tables.

• Generate Report — Generate a report from a template, as described in Reports.

• Recast — Recast or accept finding severity, as described in Add Recast or Accept Rules in Findings.

• View All Findings — View all findings for an asset, as described in View Asset Details.

• View All Details — View complete details for a finding, as described in View Finding Details.

• View All Details in New Tab — View complete details for an asset in a new browser tab.

• Create Remediation Project — Start a new remediation project for an asset, as described in Remediation Projects.

• Launch Remediation Scan — Start a remediation scan to follow up on existing scan results, as described in Launch a Remediation Scan.