CVE-2021-20106Improper Privilege Management in Nessus

CWE-269Improper Privilege Management3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 46.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenable NessusTenable Nessus Agent
Timeline
PublishedJul 21
Latest updateMay 24

Description

Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.6 | Impact: 5.9

Affected Packages2 packages

CVEListV5tenable/nessus_agentNessus Agent 8.2.5 and earlier
NVDtenable/nessus8.2.5

🔴Vulnerability Details

2
GHSA
GHSA-qm76-fv6h-2pxw: Nessus Agent versions 82022-05-24
CVEList
CVE-2021-20106: Nessus Agent versions 82021-07-21
CVE-2021-20106 — Improper Privilege Management | cvebase