CrowdStrike, Tenable Patch Critical Vulnerabilities in Security Products

AI-generated from multiple sources. Verify before acting on this reporting.

SAN FRANCISCO (AP) — Cybersecurity firms CrowdStrike and Tenable on Thursday notified customers of critical vulnerabilities discovered in their LogScale and Nessus products, releasing patches to address the flaws before they could be exploited.

The coordinated disclosure comes as both companies work to secure their widely used security infrastructure. CrowdStrike identified the issues within its LogScale platform, while Tenable addressed vulnerabilities in its Nessus vulnerability scanner. Both firms stated the flaws were discovered through internal security reviews and have been patched.

The vulnerabilities, rated as critical by both vendors, could have allowed attackers to gain unauthorized access to systems or execute arbitrary code if exploited. CrowdStrike's advisory noted that the flaws in LogScale could potentially impact data integrity and availability. Tenable's update for Nessus focused on preventing remote code execution and privilege escalation attacks.

Customers were advised to apply the latest updates immediately. CrowdStrike stated that the patches are available through standard update channels, while Tenable directed users to download the latest Nessus agent versions. Both companies emphasized that no active exploitation of these vulnerabilities has been observed to date.

The disclosure highlights the ongoing challenge cybersecurity firms face in securing their own products while protecting clients from external threats. Industry analysts note that vulnerabilities in security tools can have cascading effects, potentially compromising the very systems designed to defend against attacks.

CrowdStrike and Tenable did not provide specific details on the nature of the vulnerabilities beyond their critical severity ratings. Both companies declined to comment on whether the flaws were discovered by internal teams or external researchers, citing security protocols.

The updates come amid a broader trend of increased scrutiny on cybersecurity vendors following several high-profile incidents in recent years. Security experts recommend that organizations maintain rigorous patch management processes and regularly audit their security infrastructure for known vulnerabilities.

As of Thursday evening, both companies were monitoring their systems for any signs of attempted exploitation. CrowdStrike's security operations center reported no unusual activity related to the disclosed flaws. Tenable similarly stated that its threat intelligence teams have not detected any campaigns targeting the vulnerabilities.

The situation remains fluid as customers worldwide begin deploying the patches. Both firms have committed to providing further updates should additional information emerge regarding the vulnerabilities or their potential impact.