CVE-2023-2005
published 2023-06-26


Priority: P3, 48, high; CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.38% (29.6th percentile)
Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center. This issue affects Tenable.Io: before Plugin Feed ID #202306261202; Nessus: before Plugin Feed ID #202306261202; Security Center: before Plugin Feed ID #202306261202. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

Affected

5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| crypto-js_project | crypto-js | >= 0 < 4.2.0 | 4.2.0 |
| entronad | crypto-es | >= 0 < 2.1.0 | 2.1.0 |
| tenable | nessus | < Plugin Feed ID #202306261202 | Plugin Feed ID #202306261202 |
| tenable | security_center | < Plugin Feed ID #202306261202 | Plugin Feed ID #202306261202 |
| tenable | tenable.io | < Plugin Feed ID #202306261202 | Plugin Feed ID #202306261202 |

CVSS provenance

nvd: v3.1, 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_redhat: 9.1 CRITICAL