Vulnerabilities
Vulnerable Software
Tenable:  >> Nessus  >> 10.4.0  Security Vulnerabilities
An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition.
CVSS Score
6.8
EPSS Score
0.006
Published
2023-08-29
A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets.
CVSS Score
8.8
EPSS Score
0.012
Published
2023-03-15
A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on the Nessus host.
CVSS Score
8.8
EPSS Score
0.008
Published
2023-01-20
Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers’ network of assets.
CVSS Score
6.5
EPSS Score
0.006
Published
2022-10-17


Contact Us

Shodan ® - All rights reserved