CVE-2021-20117 — Improper Privilege Management in Nessus Agent

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

6.7MEDIUMNVD

EPSS

0.0%

top 86.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenable Nessus Agent

Timeline

PublishedSep 9

Latest updateMay 24

Description

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶NVDtenable/nessus_agent8.3.0

▶CVEListV5tenable/nessus_agentNessus Agent 8.3.0 and earlier

Patches

Patch: www.tenable.com ↗Patch: www.tenable.com ↗

🔴Vulnerability Details

GHSA

GHSA-x9cp-v5c2-p9c5: Nessus Agent 8↗2022-05-24

▶

CVEList

CVE-2021-20117: Nessus Agent 8↗2021-09-09

▶