CVE-2014-2848Race Condition in Plugin-set

CWE-362Race Condition3 documents3 sources
Severity
6.9MEDIUMNVD
EPSS
0.0%
top 89.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenable Plugin-setTenable Nessus
Timeline
PublishedApr 11
Latest updateMay 17

Description

A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with a Trojan horse program.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages2 packages

NVDtenable/plugin-set201402092115
NVDtenable/nessus5.2.1

🔴Vulnerability Details

2
GHSA
GHSA-2m9m-v6qr-2p82: A race condition in the wmi_malware_scan2022-05-17
CVEList
CVE-2014-2848: A race condition in the wmi_malware_scan2014-04-11
CVE-2014-2848 — Race Condition in Tenable Plugin-set | cvebase