CVE-2017-7199
Published: 2017-03-23
Priority: P2 · 76 · high
CVSS 3.0: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Exploited in the wild (ITW): VulnCheck KEV
EPSS: 0.35% (27.1th percentile)
Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tenable | nessus | — | — |
CVSS provenance
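| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | — | 7.8 | HIGH | — |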
GHSA
GHSA-vc6r-g533-p3rq: Nessus 6
ghsa_unreviewed·2022-05-13
CVE-2017-7199 [HIGH] CWE-732 GHSA-vc6r-g533-p3rq: Nessus 6
VulnCheck
tenable nessus Incorrect Permission Assignment for Critical Resource
vulncheck·2017·CVSS 7.8
CVE-2017-7199 [HIGH] tenable nessus Incorrect Permission Assignment for Critical Resource
Affected: tenable nessus
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://go.group-ib.com/hubfs/report/protected/group-ib-opera1er-full-threat-research-2022-en.pdf
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/97110
http://www.securitytracker.com/id/1038124
https://aspe1337.blogspot.nl/2017/04/writeup-of-cve-2017-7199.html
https://www.tenable.com/security/tns-2017-08