Tenable Nessus vulnerabilities

CVE-2025-36630 [HIGH] CWE-269 CVE-2025-36630: In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.

CVE-2025-24914 [HIGH] CWE-276 CVE-2025-24914: When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-24914

CVE-2025-36625 [MEDIUM] CWE-117 CVE-2025-36625: In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application.

CVE-2024-3289 [HIGH] CWE-281 CVE-2024-3289: When installing Nessus to a directory outside of the default location on a Windows host, Nessus vers When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.

CVE-2024-3290 [HIGH] CWE-367 CVE-2024-3290: A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus hos A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host

CVE-2024-2390 [HIGH] CWE-269 CVE-2024-2390: As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was ide As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

CVE-2024-0955 [MEDIUM] CWE-20 CVE-2024-0955: A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privil A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts.

CVE-2024-0971 [MEDIUM] CWE-89 CVE-2024-0971: A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could p A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content.

CVE-2023-6062 [MEDIUM] CWE-787 CVE-2023-6062: An arbitrary file write vulnerability exists where an authenticated, remote attacker with administr An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition.

CVE-2023-6178 [MEDIUM] CWE-787 CVE-2023-6178: An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition.

CVE-2023-5847 [MEDIUM] CWE-269 CVE-2023-5847: Under certain conditions, a low privileged attacker could load a specially crafted file during inst Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.

CVE-2023-3251 [MEDIUM] CWE-522 CVE-2023-3251: A pass-back vulnerability exists where an authenticated, remote attacker with administrator privile A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: before 10.6.0.

CVE-2023-3252 [MEDIUM] CWE-427 CVE-2023-3252: An arbitrary file write vulnerability exists where an authenticated, remote attacker with administr An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition.

CVE-2023-3253 [MEDIUM] CWE-863 CVE-2023-3253: An improper authorization vulnerability exists where an authenticated, low privileged remote attack An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application.

CVE-2023-2005 [MEDIUM] CWE-427 CVE-2023-2005: Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tena Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 . This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a

CVE-2022-4313 [HIGH] CWE-427 CVE-2022-4313: A vulnerability was reported where through modifying the scan variables, an authenticated user in Te A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets.

CVE-2023-0101 [HIGH] CWE-269 CVE-2023-0101: A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10. A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on the Nessus host.

CVE-2022-3499 [MEDIUM] CWE-532 CVE-2022-3499: An authenticated attacker could utilize the identical agent and cluster node linking keys to potenti An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present.

CVE-2022-33757 [MEDIUM] CWE-284 CVE-2022-33757: An authenticated attacker could read Nessus Debug Log file attachments from the web UI without havin An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance.

CVE-2022-32973 [HIGH] CVE-2022-32973: An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and exec An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.