CVE-2019-3982Improper Input Validation in Nessus

CWE-20Improper Input Validation3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.7%
top 28.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenable NessusTenable Nessus
Timeline
PublishedOct 23
Latest updateMay 24

Description

Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily unresponsive.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDtenable/nessus8.6.0
CVEListV5tenable/tenable_nessusAll versions prior to 8.6.0

🔴Vulnerability Details

2
GHSA
GHSA-x9jp-rc2q-gpcp: Nessus versions 82022-05-24
CVEList
CVE-2019-3982: Nessus versions 82019-10-23
CVE-2019-3982 — Improper Input Validation in Nessus | cvebase