Severity
8.8 HIGH
EPSS
0.3%
top 50.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 26
Latest update: Oct 25

Description

Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center. This issue affects Tenable.Io: before Plugin Feed ID #202306261202; Nessus: before Plugin Feed ID #202306261202; Security Center: before Plugin Feed ID #202306261202. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Exploitability: 0.3 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5: tenable/security_center < Plugin Feed ID #202306261202
CVEListV5: tenable/nessus < Plugin Feed ID #202306261202
CVEListV5: tenable/tenable.io < Plugin Feed ID #202306261202

🔴 Vulnerability Details (4)

GHSA: crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard (2023-10-25)
GHSA: crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard (2023-10-25)
GHSA: GHSA-rx3v-c929-952g: Vulnerability in Tenable Tenable (2023-06-26)
CVEList: Tenable Plugin Feed ID #202306261202 Fixes Privilege Escalation Vulnerability (2023-06-26)

📋 Vendor Advisories (1)

Red Hat: crypto-js: PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard (2023-10-25)
CVE-2023-2005 (HIGH CVSS 8.8) | Vulnerability in Tenable Tenable.Io | cvebase.io