CVE-2021-20135

MEDIUM

Nessus < 8.15.2 - Authenticated Local Privilege Escalation via Executable Execution

Title source: llm
STIX 2.1

Description

Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has included a fix for this issue in Nessus 10.0.0. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/nessus).

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.tenable.com/security/tns-2021-18

Scores

CVSS v3 6.7
EPSS 0.0005
EPSS Percentile 15.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
tenable/nessus < 8.15.2
Published Nov 03, 2021
Tracked Since Feb 18, 2026