Tenable Nessus

A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host

Published: 2024-05-17T16:54:55.570Z
Updated: 2024-08-01T20:05:08.393Z

When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.

Published: 2024-05-17T16:50:48.745Z
Updated: 2024-08-01T20:05:08.242Z

Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 . This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

Published: 2023-06-26T17:39:56.554Z
Updated: 2024-12-03T18:44:10.535Z

As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers’ environments and our products. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202212212055.

Published: 2023-02-01T00:00:00.000Z
Updated: 2025-03-27T14:40:00.312Z