CVE-2022-4313

HIGH

Tenable - Command Injection

Title source: llm

Description

A vulnerability was reported in which an authenticated user of Tenable products who holds Scan Policy Configuration roles could, by modifying the scan variables, manipulate audit policy variables to execute arbitrary commands on credentialed scan targets.

Scores

CVSS v3 8.8
EPSS 0.0037
EPSS Percentile 58.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-427
Status published

Affected Products (2)

tenable/nessus < 10.4.2
tenable/plugin_feed < 202212081952

Timeline

Published Mar 15, 2023
Tracked Since Feb 18, 2026