CVE-2022-4313

CWE-427 | 3 documents | 3 sources

Severity: 8.8 HIGH
EPSS: 0.7% (top 27.96%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 15 | Latest update Mar 16

Description

A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: tenable/nessus < 10.4.2
NVD: tenable/plugin_feed < 202212081952

Vulnerability Details (2)

GHSA (2023-03-16)
GHSA-q2xm-492x-5xjf: A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration
CVEList (2023-03-15)
CVE-2022-4313: A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration