Description
As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.
References (1)
Core 1
Core References
Third Party Advisory
https://www.tenable.com/security/tns-2024-05
Scores
CVSS v3
7.8
EPSS
0.0007
EPSS Percentile
21.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-269
Status
published
Products (2)
Tenable/Nessus
< #202403142053
Tenable/Nessus Agent
< #202403142053
Published
Mar 18, 2024
Tracked Since
Feb 18, 2026