Search criteria

70 vulnerabilities found for nessus by tenable

CERTFR-2026-AVI-0804

Vulnerability from certfr_avis - Published: 2026-06-26 - Updated: 2026-06-26

De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Elles permettent à un attaquant de provoquer une injection SQL (SQLi).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Tenable Nessus Nessus versions antérieures à 10.12.0
References
Bulletin de sécurité Tenable tns-2026-17 2026-06-24 vendor-advisory

Show details on source website

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus versions ant\u00e9rieures \u00e0 10.12.0",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-57588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-57588"
    },
    {
      "name": "CVE-2026-57587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-57587"
    }
  ],
  "initial_release_date": "2026-06-26T00:00:00",
  "last_revision_date": "2026-06-26T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0804",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-06-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection SQL (SQLi)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus. Elles permettent \u00e0 un attaquant de provoquer une injection SQL (SQLi).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
  "vendor_advisories": [
    {
      "published_at": "2026-06-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2026-17",
      "url": "https://www.tenable.com/security/tns-2026-17"
    }
  ]
}

CERTFR-2026-AVI-0489

Vulnerability from certfr_avis - Published: 2026-04-24 - Updated: 2026-04-24

Une vulnérabilité a été découverte dans les produits Tenable. Elle permet à un attaquant de provoquer une exécution de code arbitraire et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Tenable Nessus Nessus versions antérieures à 10.11.4
Tenable Nessus Agent Nessus Agent versions antérieures à 11.1.3
References
Bulletin de sécurité Tenable tns-2026-12 2026-04-23 vendor-advisory
Bulletin de sécurité Tenable tns-2026-13 2026-04-23 vendor-advisory

Show details on source website

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus versions ant\u00e9rieures \u00e0 10.11.4",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    },
    {
      "description": "Nessus Agent versions ant\u00e9rieures \u00e0 11.1.3",
      "product": {
        "name": "Nessus Agent",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-33694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33694"
    }
  ],
  "initial_release_date": "2026-04-24T00:00:00",
  "last_revision_date": "2026-04-24T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0489",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-04-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Tenable. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Tenable",
  "vendor_advisories": [
    {
      "published_at": "2026-04-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2026-12",
      "url": "https://www.tenable.com/security/tns-2026-12"
    },
    {
      "published_at": "2026-04-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2026-13",
      "url": "https://www.tenable.com/security/tns-2026-13"
    }
  ]
}

CERTFR-2026-AVI-0122

Vulnerability from certfr_avis - Published: 2026-02-06 - Updated: 2026-02-06

De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Tenable Nessus Nessus versions antérieures à 10.10.2
Tenable Nessus Nessus versions 10.11.x antérieures à 10.11.2
References
Bulletin de sécurité Tenable tns-2026-04 2026-02-05 vendor-advisory

Show details on source website

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus versions ant\u00e9rieures \u00e0 10.10.2",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    },
    {
      "description": "Nessus versions 10.11.x ant\u00e9rieures \u00e0 10.11.2",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-25210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25210"
    },
    {
      "name": "CVE-2026-24515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24515"
    }
  ],
  "initial_release_date": "2026-02-06T00:00:00",
  "last_revision_date": "2026-02-06T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0122",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-02-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
  "vendor_advisories": [
    {
      "published_at": "2026-02-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2026-04",
      "url": "https://www.tenable.com/security/tns-2026-04"
    }
  ]
}

CERTFR-2025-AVI-1114

Vulnerability from certfr_avis - Published: 2025-12-16 - Updated: 2025-12-16

De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Tenable Nessus Nessus versions 10.11.x antérieures à 10.11.1
Tenable Nessus Nessus versions 10.9.x antérieures à 10.9.6
References
Bulletin de sécurité Tenable tns-2025-24 2025-12-15 vendor-advisory

Show details on source website

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus versions 10.11.x  ant\u00e9rieures \u00e0 10.11.1",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    },
    {
      "description": "Nessus versions 10.9.x  ant\u00e9rieures \u00e0 10.9.6",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-11731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11731"
    },
    {
      "name": "CVE-2025-49794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
    },
    {
      "name": "CVE-2024-8176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
    },
    {
      "name": "CVE-2025-59375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
    },
    {
      "name": "CVE-2025-7425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
    },
    {
      "name": "CVE-2025-6170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6170"
    },
    {
      "name": "CVE-2025-10911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10911"
    },
    {
      "name": "CVE-2024-55549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
    },
    {
      "name": "CVE-2025-6021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
    },
    {
      "name": "CVE-2025-49796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
    }
  ],
  "initial_release_date": "2025-12-16T00:00:00",
  "last_revision_date": "2025-12-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1114",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-12-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
  "vendor_advisories": [
    {
      "published_at": "2025-12-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2025-24",
      "url": "https://www.tenable.com/security/tns-2025-24"
    }
  ]
}

CERTFR-2025-AVI-0550

Vulnerability from certfr_avis - Published: 2025-07-01 - Updated: 2025-07-01

De multiples vulnérabilités ont été découvertes dans les produits Tenable. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Tenable Nessus Nessus versions antérieures à 10.9.0
Tenable Nessus Nessus versions antérieures à 10.8.5
Tenable Security Center Security Center version 6.4.0 sans les correctifs de sécurité SC-202505.1 et SC-202506.1
Tenable Security Center Security Center version 6.4.5 sans les correctifs de sécurité SC-202505.1 et SC-202506.1
Tenable Security Center Security Center version 6.5.1 sans les correctifs de sécurité SC-202505.1 et SC-202506.1
Tenable Security Center Security Center versions antérieures à 6.6.0
References

Show details on source website

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus versions ant\u00e9rieures \u00e0 10.9.0",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    },
    {
      "description": "Nessus versions ant\u00e9rieures \u00e0 10.8.5",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    },
    {
      "description": " Security Center version 6.4.0 sans les correctifs de s\u00e9curit\u00e9 SC-202505.1 et SC-202506.1",
      "product": {
        "name": "Security Center",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    },
    {
      "description": " Security Center version 6.4.5 sans les correctifs de s\u00e9curit\u00e9 SC-202505.1 et SC-202506.1",
      "product": {
        "name": "Security Center",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    },
    {
      "description": " Security Center version 6.5.1 sans les correctifs de s\u00e9curit\u00e9 SC-202505.1 et SC-202506.1",
      "product": {
        "name": "Security Center",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    },
    {
      "description": "Security Center versions ant\u00e9rieures \u00e0 6.6.0",
      "product": {
        "name": "Security Center",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-36630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36630"
    },
    {
      "name": "CVE-2022-25927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25927"
    },
    {
      "name": "CVE-2025-3277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3277"
    },
    {
      "name": "CVE-2025-6021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
    },
    {
      "name": "CVE-2025-24855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
    },
    {
      "name": "CVE-2025-29087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29087"
    }
  ],
  "initial_release_date": "2025-07-01T00:00:00",
  "last_revision_date": "2025-07-01T00:00:00",
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2025-AVI-0374 du 07 mai 2025",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0374/"
    }
  ],
  "reference": "CERTFR-2025-AVI-0550",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Tenable. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Tenable",
  "vendor_advisories": [
    {
      "published_at": "2025-06-30",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2025-12",
      "url": "https://www.tenable.com/security/tns-2025-12"
    },
    {
      "published_at": "2025-06-30",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2025-13",
      "url": "https://www.tenable.com/security/tns-2025-13"
    }
  ]
}

CERTFR-2025-AVI-0329

Vulnerability from certfr_avis - Published: 2025-04-18 - Updated: 2025-04-18

De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Tenable Nessus Nessus versions antérieures à 10.8.4
References
Bulletin de sécurité Tenable tns-2025-05 2025-04-18 vendor-advisory

Show details on source website

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus versions ant\u00e9rieures \u00e0 10.8.4",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-56171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
    },
    {
      "name": "CVE-2024-8176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
    },
    {
      "name": "CVE-2025-36625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36625"
    },
    {
      "name": "CVE-2025-27113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
    },
    {
      "name": "CVE-2025-24914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24914"
    },
    {
      "name": "CVE-2024-50602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
    },
    {
      "name": "CVE-2024-40896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40896"
    },
    {
      "name": "CVE-2025-24928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
    }
  ],
  "initial_release_date": "2025-04-18T00:00:00",
  "last_revision_date": "2025-04-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0329",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
  "vendor_advisories": [
    {
      "published_at": "2025-04-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2025-05",
      "url": "https://www.tenable.com/security/tns-2025-05"
    }
  ]
}

CERTFR-2024-AVI-0771

Vulnerability from certfr_avis - Published: 2024-09-12 - Updated: 2024-09-12

De multiples vulnérabilités ont été découvertes dans les produits Tenable. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Tenable Nessus Agent Nessus Agent versions 10.7.x antérieures à 10.7.3
Tenable Nessus Nessus versions 10.8.x antérieures à 10.8.3
Tenable Nessus Nessus versions 10.7.x antérieures à 10.7.6
References
Bulletin de sécurité Tenable tns-2024-14 2024-09-12 vendor-advisory
Bulletin de sécurité Tenable tns-2024-16 2024-09-12 vendor-advisory
Bulletin de sécurité Tenable tns-2024-15 2024-09-12 vendor-advisory

Show details on source website

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus Agent versions 10.7.x ant\u00e9rieures \u00e0 10.7.3",
      "product": {
        "name": "Nessus Agent",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    },
    {
      "description": "Nessus versions 10.8.x ant\u00e9rieures \u00e0 10.8.3",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    },
    {
      "description": "Nessus versions 10.7.x ant\u00e9rieures \u00e0 10.7.6",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-45492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
    },
    {
      "name": "CVE-2024-45491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
    },
    {
      "name": "CVE-2024-6119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
    }
  ],
  "initial_release_date": "2024-09-12T00:00:00",
  "last_revision_date": "2024-09-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0771",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Tenable. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Tenable",
  "vendor_advisories": [
    {
      "published_at": "2024-09-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2024-14",
      "url": "https://www.tenable.com/security/tns-2024-14"
    },
    {
      "published_at": "2024-09-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2024-16",
      "url": "https://www.tenable.com/security/tns-2024-16"
    },
    {
      "published_at": "2024-09-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2024-15",
      "url": "https://www.tenable.com/security/tns-2024-15"
    }
  ]
}

CERTFR-2024-AVI-0415

Vulnerability from certfr_avis - Published: 2024-05-17 - Updated: 2024-05-17

De multiples vulnérabilités ont été découvertes dans les produits Tenable. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Tenable Nessus Nessus versions antérieures à 10.7.3
Tenable Nessus Agent Nessus agent versions antérieures à 10.6.4
References

Show details on source website

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus versions ant\u00e9rieures \u00e0 10.7.3",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    },
    {
      "description": "Nessus agent versions ant\u00e9rieures \u00e0 10.6.4",
      "product": {
        "name": "Nessus Agent",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-3290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3290"
    },
    {
      "name": "CVE-2024-3292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3292"
    },
    {
      "name": "CVE-2024-3291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3291"
    },
    {
      "name": "CVE-2024-3289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3289"
    }
  ],
  "initial_release_date": "2024-05-17T00:00:00",
  "last_revision_date": "2024-05-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0415",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-05-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nTenable. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Tenable",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2024-08 du 16 mai 2024",
      "url": "https://www.tenable.com/security/tns-2024-08"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2024-09 du 16 mai 2024",
      "url": "https://www.tenable.com/security/tns-2024-09"
    }
  ]
}

CERTFR-2024-AVI-0229

Vulnerability from certfr_avis - Published: 2024-03-18 - Updated: 2024-03-18

Une vulnérabilité a été découverte dans Tenable Nessus. Elle permet à un attaquant de provoquer une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Tenable Nessus Tenable Nessus plugin sans la dernière mise à jour.
References

Show details on source website

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tenable Nessus plugin sans la derni\u00e8re mise \u00e0 jour.",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-2390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2390"
    }
  ],
  "initial_release_date": "2024-03-18T00:00:00",
  "last_revision_date": "2024-03-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0229",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-03-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Tenable Nessus. Elle permet \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Tenable Nessus",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2024-05 du 15 mars 2024",
      "url": "https://www.tenable.com/security/tns-2024-05"
    }
  ]
}

CERTFR-2024-AVI-0096

Vulnerability from certfr_avis - Published: 2024-02-07 - Updated: 2024-02-07

De multiples vulnérabilités ont été découvertes dans les produits Tenable. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Tenable Nessus Tenable Nessus versions antérieures à 10.7.0
References

Show details on source website

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tenable Nessus versions ant\u00e9rieures \u00e0 10.7.0",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-0971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0971"
    },
    {
      "name": "CVE-2024-0955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0955"
    }
  ],
  "initial_release_date": "2024-02-07T00:00:00",
  "last_revision_date": "2024-02-07T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0096",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-02-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Tenable\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire et une injection\nde code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Tenable",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2024-01 du 06 f\u00e9vrier 2024",
      "url": "https://www.tenable.com/security/tns-2024-01"
    }
  ]
}

CERTFR-2023-AVI-0904

Vulnerability from certfr_avis - Published: 2023-11-02 - Updated: 2023-11-02

De multiples vulnérabilités ont été découvertes dans les produits Tenable. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Tenable Nessus Nessus versions antérieures à 10.6.2 (la version 10.5.6 est affectée par la vulnérabilité CVE-2023-45853)
Tenable Security Center Tenable Security Center versions 5.23.1, 6.0.0, 6.1.0, 6.1.1 et 6.2.0 sans le correctif de sécurité SC-202310.1
Tenable Nessus Agent Nessus Agent version 10.4.2, migrer sur la version 10.4.3

Show details on source website

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus versions ant\u00e9rieures \u00e0 10.6.2 (la version 10.5.6 est affect\u00e9e par la vuln\u00e9rabilit\u00e9 CVE-2023-45853)",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    },
    {
      "description": "Tenable Security Center versions 5.23.1, 6.0.0, 6.1.0, 6.1.1 et 6.2.0 sans le correctif de s\u00e9curit\u00e9 SC-202310.1",
      "product": {
        "name": "Security Center",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    },
    {
      "description": "Nessus Agent version 10.4.2, migrer sur la version 10.4.3",
      "product": {
        "name": "Nessus Agent",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-38546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
    },
    {
      "name": "CVE-2023-45853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
    },
    {
      "name": "CVE-2023-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2023-5847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5847"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2023-38545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
    }
  ],
  "initial_release_date": "2023-11-02T00:00:00",
  "last_revision_date": "2023-11-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0904",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-11-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nTenable. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Tenable",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2023-38 du 31 octobre 2023",
      "url": "https://www.tenable.com/security/tns-2023-38"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2023-35 du 31 octobre 2023",
      "url": "https://www.tenable.com/security/tns-2023-35"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2023-36 du 31 octobre 2023",
      "url": "https://www.tenable.com/security/tns-2023-36"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2023-37 du 31 octobre 2023",
      "url": "https://www.tenable.com/security/tns-2023-37"
    }
  ]
}

CERTFR-2023-AVI-0770

Vulnerability from certfr_avis - Published: 2023-09-22 - Updated: 2023-12-20

De multiples vulnérabilités ont été découvertes dans les produits Tenable. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Tenable Nessus Tenable Nessus versions antérieures à 10.5.5
References

Show details on source website

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tenable Nessus versions ant\u00e9rieures \u00e0 10.5.5",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-3253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3253"
    },
    {
      "name": "CVE-2023-3251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3251"
    },
    {
      "name": "CVE-2023-3252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3252"
    }
  ],
  "initial_release_date": "2023-09-22T00:00:00",
  "last_revision_date": "2023-12-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0770",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-09-22T00:00:00.000000"
    },
    {
      "description": "Correction coquille.",
      "revision_date": "2023-12-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Tenable\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es,\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Tenable",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2023-31 du 21 septembre 2023",
      "url": "https://www.tenable.com/security/tns-2023-31"
    }
  ]
}

CERTFR-2023-AVI-0698

Vulnerability from certfr_avis - Published: 2023-08-30 - Updated: 2023-08-30

De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Tenable Nessus Tenable Nessus versions antérieures à 10.6.0
References

Show details on source website

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tenable Nessus versions ant\u00e9rieures \u00e0 10.6.0",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-3253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3253"
    },
    {
      "name": "CVE-2023-3251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3251"
    },
    {
      "name": "CVE-2023-3252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3252"
    }
  ],
  "initial_release_date": "2023-08-30T00:00:00",
  "last_revision_date": "2023-08-30T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0698",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-08-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans\u003cspan\nclass=\"textit\"\u003e Tenable Nessus\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s Tenable Nessus",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2023-29 du 29 ao\u00fbt 2023",
      "url": "https://www.tenable.com/security/tns-2023-29"
    }
  ]
}

CERTFR-2023-AVI-0612

Vulnerability from certfr_avis - Published: 2023-08-03 - Updated: 2023-08-03

De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Tenable Nessus Nessus versions antérieures à 10.5.4
References

Show details on source website

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus versions ant\u00e9rieures \u00e0 10.5.4",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    }
  ],
  "initial_release_date": "2023-08-03T00:00:00",
  "last_revision_date": "2023-08-03T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0612",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-08-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2023-27 du 02 ao\u00fbt 2023",
      "url": "https://www.tenable.com/security/tns-2023-27"
    }
  ]
}

CERTFR-2023-AVI-0496

Vulnerability from certfr_avis - Published: 2023-06-29 - Updated: 2023-06-29

De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Tenable Nessus Nessus versions antérieures à 10.5.3
References

Show details on source website

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus versions ant\u00e9rieures \u00e0 10.5.3",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
    },
    {
      "name": "CVE-2023-0465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
    },
    {
      "name": "CVE-2023-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
    },
    {
      "name": "CVE-2023-1255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
    }
  ],
  "initial_release_date": "2023-06-29T00:00:00",
  "last_revision_date": "2023-06-29T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0496",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-06-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2023-22 du 28 juin 2023",
      "url": "https://www.tenable.com/security/tns-2023-22"
    }
  ]
}

CVE-2026-57588 (GCVE-0-2026-57588)

Vulnerability from cvelistv5 – Published: 2026-06-25 13:47 – Updated: 2026-06-25 15:49
VLAI?
Title
SQL Injection in Nessus via Malicious Scan Result File Import
Summary
A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.
CWE
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
Vendor Product Version
tenable Nessus Affected: prior to 10.12.1
Create a notification for this product.
Credits
Tristan Madani (@TristanInSec) from Talence Security
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-57588",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-25T15:33:30.885696Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-25T15:33:40.841Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Nessus",
          "vendor": "tenable",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 10.12.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tristan Madani (@TristanInSec) from Talence Security"
        }
      ],
      "datePublic": "2026-06-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "temporalScore": 3.1,
            "temporalSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 1.6,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-25T15:49:55.857Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "name": "TNS-2026-17",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.tenable.com/security/tns-2026-17"
        }
      ],
      "title": "SQL Injection in Nessus via Malicious Scan Result File Import",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2026-57588",
    "datePublished": "2026-06-25T13:47:27.757Z",
    "dateReserved": "2026-06-24T19:21:39.666Z",
    "dateUpdated": "2026-06-25T15:49:55.857Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-57587 (GCVE-0-2026-57587)

Vulnerability from cvelistv5 – Published: 2026-06-25 13:47 – Updated: 2026-06-25 15:49
VLAI?
Title
SQL Injection in Nessus via Reverse DNS Lookup
Summary
A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.
CWE
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
Vendor Product Version
tenable Nessus Affected: prior to 10.12.1
Create a notification for this product.
Credits
Tristan Madani (@TristanInSec) from Talence Security
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-57587",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-25T15:34:47.945679Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-25T15:35:03.174Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Nessus",
          "vendor": "tenable",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 10.12.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tristan Madani (@TristanInSec) from Talence Security"
        }
      ],
      "datePublic": "2026-06-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "temporalScore": 4.9,
            "temporalSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-25T15:49:55.625Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "name": "TNS-2026-17",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.tenable.com/security/tns-2026-17"
        }
      ],
      "title": "SQL Injection in Nessus via Reverse DNS Lookup",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2026-57587",
    "datePublished": "2026-06-25T13:47:27.497Z",
    "dateReserved": "2026-06-24T19:21:39.666Z",
    "dateUpdated": "2026-06-25T15:49:55.625Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-36630 (GCVE-0-2025-36630)

Vulnerability from cvelistv5 – Published: 2025-07-01 23:11 – Updated: 2025-07-02 13:24
VLAI?
Title
Local Privilege Escalation
Summary
In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Tenable Nessus Affected: 0 , < 10.8.5 (semver)
Create a notification for this product.
Credits
Rishad Sheikh - CVE-2025-36630
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36630",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-02T13:02:56.549267Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-02T13:24:24.991Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows"
          ],
          "product": "Nessus",
          "vendor": "Tenable",
          "versions": [
            {
              "lessThan": "10.8.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Rishad Sheikh - CVE-2025-36630"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege."
            }
          ],
          "value": "In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-01T23:11:13.818Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2025-13"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Tenable has released Nessus 10.8.5 and Nessus 10.9.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/nessus\"\u003ehttps://www.tenable.com/downloads/nessus\u003c/a\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Tenable has released Nessus 10.8.5 and Nessus 10.9.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal:  https://www.tenable.com/downloads/nessus"
        }
      ],
      "source": {
        "advisory": "https://www.tenable.com/security/tns-2025-13",
        "discovery": "UNKNOWN"
      },
      "title": "Local Privilege Escalation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2025-36630",
    "datePublished": "2025-07-01T23:11:13.818Z",
    "dateReserved": "2025-04-15T21:50:46.277Z",
    "dateUpdated": "2025-07-02T13:24:24.991Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-36625 (GCVE-0-2025-36625)

Vulnerability from cvelistv5 – Published: 2025-04-18 19:17 – Updated: 2025-04-18 19:40
VLAI?
Title
Log Poisoning in Nessus
Summary
In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application.
CWE
  • CWE-117 - Improper Output Neutralization for Logs
Assigner
Impacted products
Vendor Product Version
Tenable Nessus Affected: 0 , < 10.8.4 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36625",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-18T19:40:06.090141Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-18T19:40:24.201Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "MacOS",
            "Linux"
          ],
          "product": "Nessus",
          "vendor": "Tenable",
          "versions": [
            {
              "lessThan": "10.8.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-04-17T19:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application."
            }
          ],
          "value": "In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-117",
              "description": "CWE-117: Improper Output Neutralization for Logs",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-18T19:17:30.612Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2025-05"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Tenable has released Nessus 10.8.4 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/nessus\"\u003e\u003cu\u003ehttps://www.tenable.com/downloads/nessus\u003c/u\u003e\u003c/a\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Tenable has released Nessus 10.8.4 to address these issues. The installation files can be obtained from the Tenable Downloads Portal:  https://www.tenable.com/downloads/nessus https://www.tenable.com/downloads/nessus"
        }
      ],
      "source": {
        "advisory": "tns-2025-05",
        "discovery": "EXTERNAL"
      },
      "title": "Log Poisoning in Nessus",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2025-36625",
    "datePublished": "2025-04-18T19:17:30.612Z",
    "dateReserved": "2025-04-15T21:50:46.276Z",
    "dateUpdated": "2025-04-18T19:40:24.201Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24914 (GCVE-0-2025-24914)

Vulnerability from cvelistv5 – Published: 2025-04-18 18:18 – Updated: 2026-02-26 18:28
VLAI?
Title
Local Priviledge Escalation
Summary
When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-24914
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
Tenable Nessus Affected: 0 , < 10.8.4 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24914",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T03:55:22.880124Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:28:09.421Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows"
          ],
          "product": "Nessus",
          "vendor": "Tenable",
          "versions": [
            {
              "lessThan": "10.8.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-04-17T19:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-24914"
            }
          ],
          "value": "When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-24914"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-18T18:18:02.729Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2025-05"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Tenable has released Nessus 10.8.4 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/nessus\"\u003e\u003cu\u003ehttps://www.tenable.com/downloads/nessus\u003c/u\u003e\u003c/a\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Tenable has released Nessus 10.8.4 to address these issues. The installation files can be obtained from the Tenable Downloads Portal:  https://www.tenable.com/downloads/nessus https://www.tenable.com/downloads/nessus"
        }
      ],
      "source": {
        "advisory": "tns-2025-05",
        "discovery": "EXTERNAL"
      },
      "title": "Local Priviledge Escalation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2025-24914",
    "datePublished": "2025-04-18T18:18:02.729Z",
    "dateReserved": "2025-01-28T20:09:40.192Z",
    "dateUpdated": "2026-02-26T18:28:09.421Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-3290 (GCVE-0-2024-3290)

Vulnerability from cvelistv5 – Published: 2024-05-17 16:54 – Updated: 2024-08-01 20:05
VLAI?
Title
Race Condition
Summary
A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host
CWE
  • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
Impacted products
Vendor Product Version
Tenable Nessus Affected: 0 , < 10.7.3 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:tenable:nessus:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nessus",
            "vendor": "tenable",
            "versions": [
              {
                "lessThanOrEqual": "10.7.2",
                "status": "affected",
                "version": "-",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3290",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-17T19:23:42.628220Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:33:23.900Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:05:08.393Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2024-08"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows"
          ],
          "product": "Nessus",
          "vendor": "Tenable",
          "versions": [
            {
              "lessThan": "10.7.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-05-16T19:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nA race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host\n\n"
            }
          ],
          "value": "A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-29",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-17T16:54:55.570Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2024-08"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nTenable has released Nessus 10.7.3 to address these issues. The installation files can be obtained from the Tenable Downloads Portal (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/nessus\"\u003ehttps://www.tenable.com/downloads/nessus\u003c/a\u003e).\n\n\u003cbr\u003e"
            }
          ],
          "value": "Tenable has released Nessus 10.7.3 to address these issues. The installation files can be obtained from the Tenable Downloads Portal ( https://www.tenable.com/downloads/nessus )."
        }
      ],
      "source": {
        "advisory": "TNS-2024-08",
        "discovery": "EXTERNAL"
      },
      "title": "Race Condition",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2024-3290",
    "datePublished": "2024-05-17T16:54:55.570Z",
    "dateReserved": "2024-04-03T21:12:37.768Z",
    "dateUpdated": "2024-08-01T20:05:08.393Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3289 (GCVE-0-2024-3289)

Vulnerability from cvelistv5 – Published: 2024-05-17 16:50 – Updated: 2024-08-01 20:05
VLAI?
Summary
When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.
CWE
  • CWE-281 - Improper Preservation of Permissions
Assigner
Impacted products
Vendor Product Version
Tenable Nessus Affected: 0 , < 10.7.3 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:tenable:nessus:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nessus",
            "vendor": "tenable",
            "versions": [
              {
                "lessThanOrEqual": "10.7.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3289",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-17T17:25:00.596927Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T17:35:56.532Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:05:08.242Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2024-08"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows"
          ],
          "product": "Nessus",
          "vendor": "Tenable",
          "versions": [
            {
              "lessThan": "10.7.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-05-16T19:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nWhen installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.\u0026nbsp;"
            }
          ],
          "value": "When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-281",
              "description": "CWE-281 Improper Preservation of Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-17T16:50:48.745Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2024-08"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nTenable has released Nessus 10.7.3 to address these issues. The installation files can be obtained from the Tenable Downloads Portal (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/nessus\"\u003ehttps://www.tenable.com/downloads/nessus\u003c/a\u003e).\n\n\u003cbr\u003e"
            }
          ],
          "value": "Tenable has released Nessus 10.7.3 to address these issues. The installation files can be obtained from the Tenable Downloads Portal ( https://www.tenable.com/downloads/nessus )."
        }
      ],
      "source": {
        "advisory": "TNS-2024-08",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2024-3289",
    "datePublished": "2024-05-17T16:50:48.745Z",
    "dateReserved": "2024-04-03T21:03:11.124Z",
    "dateUpdated": "2024-08-01T20:05:08.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-2390 (GCVE-0-2024-2390)

Vulnerability from cvelistv5 – Published: 2024-03-18 15:37 – Updated: 2024-08-21 14:42
VLAI?
Title
Local Privilege Escalation
Summary
As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Tenable Nessus Agent Affected: 0 , < #202403142053 (custom)
Create a notification for this product.
    Tenable Nessus Affected: 0 , < #202403142053 (custom)
Create a notification for this product.
Credits
Rich Sprigg (RythmStick)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:11:53.526Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2024-05"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nessus_agent",
            "vendor": "tenable",
            "versions": [
              {
                "lessThan": "#202403142053",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nessus",
            "vendor": "tenable",
            "versions": [
              {
                "lessThan": "#202403142053",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2390",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-21T14:01:06.803959Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-21T14:42:09.885Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "modules": [
            "Nessus Feed"
          ],
          "product": "Nessus Agent",
          "vendor": "Tenable",
          "versions": [
            {
              "lessThan": "#202403142053",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "modules": [
            "Nessus Feed"
          ],
          "product": "Nessus",
          "vendor": "Tenable",
          "versions": [
            {
              "lessThan": "#202403142053",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Rich Sprigg (RythmStick)"
        }
      ],
      "datePublic": "2024-03-15T19:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nAs a part of Tenable\u2019s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.\n\n\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "\nAs a part of Tenable\u2019s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-18T15:37:44.698Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2024-05"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nTenable has released updates to plugins to resolve the issue. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202403142053.\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nTenable has released updates to plugins to resolve the issue. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202403142053.\n\n"
        }
      ],
      "source": {
        "advisory": "TNS-2024-05",
        "discovery": "EXTERNAL"
      },
      "title": "Local Privilege Escalation ",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2024-2390",
    "datePublished": "2024-03-18T15:37:44.698Z",
    "dateReserved": "2024-03-11T22:31:40.629Z",
    "dateUpdated": "2024-08-21T14:42:09.885Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-0971 (GCVE-0-2024-0971)

Vulnerability from cvelistv5 – Published: 2024-02-06 23:38 – Updated: 2024-08-01 18:26
VLAI?
Summary
A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content.
CWE
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
Impacted products
Vendor Product Version
Tenable Nessus Affected: 0 , < 10.7.0 (10.7.0)
Create a notification for this product.
Credits
Chris Haller (m4lwhere)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0971",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-07T16:20:48.610965Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:39.898Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:26:30.266Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2024-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "MacOS",
            "Linux"
          ],
          "product": "Nessus",
          "vendor": "Tenable",
          "versions": [
            {
              "lessThan": "10.7.0",
              "status": "affected",
              "version": "0",
              "versionType": "10.7.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Chris Haller (m4lwhere)"
        }
      ],
      "datePublic": "2024-02-06T19:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nA SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content.\n\n"
            }
          ],
          "value": "\nA SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-7",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-7 Blind SQL Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-06T23:38:32.704Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2024-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nTenable has released Nessus 10.7.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/nessus\"\u003ehttps://www.tenable.com/downloads/nessus\u003c/a\u003e).\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nTenable has released Nessus 10.7.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal ( https://www.tenable.com/downloads/nessus https://www.tenable.com/downloads/nessus ).\n\n\n"
        }
      ],
      "source": {
        "advisory": "TNS-2024-01",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2024-0971",
    "datePublished": "2024-02-06T23:38:32.704Z",
    "dateReserved": "2024-01-26T19:51:21.968Z",
    "dateUpdated": "2024-08-01T18:26:30.266Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-0955 (GCVE-0-2024-0955)

Vulnerability from cvelistv5 – Published: 2024-02-06 23:34 – Updated: 2024-08-01 18:26
VLAI?
Title
Stored XSS vulnerability
Summary
A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts.
CWE
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Vendor Product Version
Tenable Nessus Affected: 0 , < 10.7.0 (10.7.0)
Create a notification for this product.
Credits
Paweł Bednarz
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0955",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-07T19:23:17.534824Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:40.739Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:26:29.995Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2024-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "Linux",
            "MacOS"
          ],
          "product": "Nessus",
          "vendor": "Tenable",
          "versions": [
            {
              "lessThan": "10.7.0",
              "status": "affected",
              "version": "0",
              "versionType": "10.7.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Pawe\u0142 Bednarz"
        }
      ],
      "datePublic": "2024-02-06T19:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nA stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts. \n\n"
            }
          ],
          "value": "\nA stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts. \n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-592",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-592 Stored XSS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-06T23:34:19.528Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2024-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nTenable has released Nessus 10.7.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/nessus\"\u003ehttps://www.tenable.com/downloads/nessus\u003c/a\u003e).\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nTenable has released Nessus 10.7.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal ( https://www.tenable.com/downloads/nessus https://www.tenable.com/downloads/nessus ).\n\n\n"
        }
      ],
      "source": {
        "advisory": "TNS-2024-01",
        "discovery": "EXTERNAL"
      },
      "title": "Stored XSS vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2024-0955",
    "datePublished": "2024-02-06T23:34:19.528Z",
    "dateReserved": "2024-01-26T16:42:07.008Z",
    "dateUpdated": "2024-08-01T18:26:29.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-6062 (GCVE-0-2023-6062)

Vulnerability from cvelistv5 – Published: 2023-11-20 20:20 – Updated: 2024-12-02 20:52
VLAI?
Title
Arbitrary File Write
Summary
An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition.
Assigner
Impacted products
Vendor Product Version
Tenable Nessus Affected: 0 , < 10.6.2 (10.6.2)
Unaffected: 10.5.7
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:21:17.059Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2023-39"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2023-40"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6062",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-11-30T15:29:56.936050Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-02T20:52:31.935Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Nessus",
          "vendor": "Tenable",
          "versions": [
            {
              "lessThan": "10.6.2",
              "status": "affected",
              "version": "0",
              "versionType": "10.6.2"
            },
            {
              "status": "unaffected",
              "version": "10.5.7"
            }
          ]
        }
      ],
      "datePublic": "2023-11-16T19:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nAn arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition. \n\n"
            }
          ],
          "value": "\nAn arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition. \n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-23",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-23 File Content Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-20T20:20:04.927Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2023-39"
        },
        {
          "url": "https://www.tenable.com/security/tns-2023-40"
        }
      ],
      "source": {
        "advisory": "TNS-2023-39, TNS-2023-40",
        "discovery": "EXTERNAL"
      },
      "title": "Arbitrary File Write",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2023-6062",
    "datePublished": "2023-11-20T20:20:04.927Z",
    "dateReserved": "2023-11-09T19:09:17.998Z",
    "dateUpdated": "2024-12-02T20:52:31.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-5847 (GCVE-0-2023-5847)

Vulnerability from cvelistv5 – Published: 2023-11-01 15:30 – Updated: 2024-09-05 19:40
VLAI?
Summary
Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Tenable Nessus Affected: 0 , < 10.6.2 (10.6.2)
Create a notification for this product.
    Tenable Nessus Agent Affected: 0 , < 10.4.3 (10.4.3)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:14:24.323Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2023-37"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2023-38"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nessus",
            "vendor": "tenable",
            "versions": [
              {
                "lessThan": "10.6.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nessus_agent",
            "vendor": "tenable",
            "versions": [
              {
                "lessThan": "10.4.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5847",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-05T19:34:55.892909Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-05T19:40:22.479Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "Linux"
          ],
          "product": "Nessus",
          "vendor": "Tenable",
          "versions": [
            {
              "lessThan": "10.6.2",
              "status": "affected",
              "version": "0",
              "versionType": "10.6.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "Linux"
          ],
          "product": "Nessus Agent",
          "vendor": "Tenable",
          "versions": [
            {
              "lessThan": "10.4.3",
              "status": "affected",
              "version": "0",
              "versionType": "10.4.3"
            }
          ]
        }
      ],
      "datePublic": "2023-10-31T19:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nUnder certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts."
            }
          ],
          "value": "\nUnder certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-01T15:30:55.181Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2023-37"
        },
        {
          "url": "https://www.tenable.com/security/tns-2023-38"
        }
      ],
      "source": {
        "advisory": "tns-2023-37",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2023-5847",
    "datePublished": "2023-11-01T15:30:55.181Z",
    "dateReserved": "2023-10-30T16:43:53.216Z",
    "dateUpdated": "2024-09-05T19:40:22.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3253 (GCVE-0-2023-3253)

Vulnerability from cvelistv5 – Published: 2023-08-29 19:08 – Updated: 2024-10-28 18:59
VLAI?
Title
Improper authorization in Nessus
Summary
An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application.
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Impacted products
Vendor Product Version
Tenable Nessus Affected: 0 , < 10.6.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:48:08.194Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2023-29"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3253",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T19:44:36.023500Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-863",
                "description": "CWE-863 Incorrect Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-28T18:59:10.910Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "MacOS",
            "Linux"
          ],
          "product": "Nessus",
          "vendor": "Tenable",
          "versions": [
            {
              "lessThan": "10.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\nAn improper authorization vulnerability exists where an authenticated, \nlow privileged remote attacker could view a list of all the users \navailable in the application.\n\n"
            }
          ],
          "value": "An improper authorization vulnerability exists where an authenticated, \nlow privileged remote attacker could view a list of all the users \navailable in the application.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-29T19:08:29.434Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2023-29"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\nTenable has released Nessus 10.6.0 to address these issues. The \ninstallation files can be obtained from the Tenable Downloads Portal (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/nessus\"\u003ehttps://www.tenable.com/downloads/nessus\u003c/a\u003e).\n\n\u003cbr\u003e"
            }
          ],
          "value": "Tenable has released Nessus 10.6.0 to address these issues. The \ninstallation files can be obtained from the Tenable Downloads Portal ( https://www.tenable.com/downloads/nessus https://www.tenable.com/downloads/nessus ).\n\n\n"
        }
      ],
      "source": {
        "advisory": "tns-2023-29",
        "discovery": "EXTERNAL"
      },
      "title": "Improper authorization in Nessus",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2023-3253",
    "datePublished": "2023-08-29T19:08:29.434Z",
    "dateReserved": "2023-06-14T20:11:38.602Z",
    "dateUpdated": "2024-10-28T18:59:10.910Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3252 (GCVE-0-2023-3252)

Vulnerability from cvelistv5 – Published: 2023-08-29 18:55 – Updated: 2024-10-28 18:46
VLAI?
Title
Arbitrary File Write
Summary
An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition.
CWE
  • CWE-427 - Uncontrolled Search Path Element
Assigner
Impacted products
Vendor Product Version
Tenable Nessus Affected: 0 , < 10.6.0 (custom)
Create a notification for this product.
Credits
Ammarit Thongthua
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:48:08.265Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2023-29"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3252",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T15:45:13.614810Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-427",
                "description": "CWE-427 Uncontrolled Search Path Element",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-28T18:46:39.141Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "Linux",
            "MacOS"
          ],
          "product": "Nessus",
          "vendor": " Tenable",
          "versions": [
            {
              "lessThan": "10.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Ammarit Thongthua"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nAn arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition.\n\n"
            }
          ],
          "value": "\nAn arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-23",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-23 File Content Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-29T18:55:09.869Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2023-29"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nTenable has released Nessus 10.6.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/nessus\"\u003ehttps://www.tenable.com/downloads/nessus\u003c/a\u003e).\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nTenable has released Nessus 10.6.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal ( https://www.tenable.com/downloads/nessus https://www.tenable.com/downloads/nessus ).\n\n\n"
        }
      ],
      "source": {
        "advisory": "tns-2023-29",
        "discovery": "EXTERNAL"
      },
      "title": "Arbitrary File Write",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2023-3252",
    "datePublished": "2023-08-29T18:55:09.869Z",
    "dateReserved": "2023-06-14T20:01:52.895Z",
    "dateUpdated": "2024-10-28T18:46:39.141Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3251 (GCVE-0-2023-3251)

Vulnerability from cvelistv5 – Published: 2023-08-29 18:38 – Updated: 2024-09-30 15:49
VLAI?
Title
Pass-back vulnerability in Nessus
Summary
A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: before 10.6.0.
CWE
  • CWE-522 - Insufficiently Protected Credentials
Assigner
Impacted products
Vendor Product Version
Tenable Nessus Affected: 0 , < 10.6.0 (custom)
Create a notification for this product.
Credits
Pedro Jose Navas Perez at Hispasec
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:48:08.181Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2023-29"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3251",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T15:45:20.442582Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T15:49:08.054Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "Linux",
            "MacOS"
          ],
          "product": "Nessus",
          "vendor": "Tenable",
          "versions": [
            {
              "lessThan": "10.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Pedro Jose Navas Perez at Hispasec"
        }
      ],
      "datePublic": "2023-08-29T17:45:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.\u003c/span\u003e\u003cp\u003eThis issue affects Nessus: before 10.6.0.\u003c/p\u003e\n\n\n\n\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "\nA pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: before 10.6.0.\n\n\n\n\n\n\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-554",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-554 Functionality Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522 Insufficiently Protected Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-29T18:38:11.935Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2023-29"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nTenable has released Nessus 10.6.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/nessus\"\u003ehttps://www.tenable.com/downloads/nessus\u003c/a\u003e).\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nTenable has released Nessus 10.6.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal ( https://www.tenable.com/downloads/nessus https://www.tenable.com/downloads/nessus ).\n\n\n"
        }
      ],
      "source": {
        "advisory": "TNS-2023-29",
        "discovery": "EXTERNAL"
      },
      "title": "Pass-back vulnerability in Nessus",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2023-3251",
    "datePublished": "2023-08-29T18:38:11.935Z",
    "dateReserved": "2023-06-14T19:51:19.650Z",
    "dateUpdated": "2024-09-30T15:49:08.054Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}