CVE-2021-20099

CWE-269Improper Privilege Management3 documents3 sources
Severity
6.7MEDIUM
EPSS
0.1%
top 80.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenable Nessus
Timeline
PublishedJun 28
Latest updateMay 24

Description

Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5nessus_agentNessus Agent 8.2.4 and earlier
NVDtenable/nessus8.2.4

🔴Vulnerability Details

2
GHSA
GHSA-3fcp-gh22-82v3: Nessus Agent 82022-05-24
CVEList
CVE-2021-20099: Nessus Agent 82021-06-28
CVE-2021-20099 (MEDIUM CVSS 6.7) | Nessus Agent 8.2.4 and earlier for | cvebase.io