CVE-2021-20118 — Improper Privilege Management in Nessus Agent

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

6.7MEDIUMNVD

EPSS

0.0%

top 86.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenable Nessus Agent

Timeline

PublishedSep 9

Latest updateMay 24

Description

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶NVDtenable/nessus_agent8.3.0

▶CVEListV5tenable/nessus_agentNessus Agent 8.3.0 and earlier

Patches

Patch: www.tenable.com ↗Patch: www.tenable.com ↗

🔴Vulnerability Details

GHSA

GHSA-qq9w-j88c-j3ff: Nessus Agent 8↗2022-05-24

▶

CVEList

CVE-2021-20118: Nessus Agent 8↗2021-09-09

▶