Lucene search

[email protected]CVE-2021-20106

HistoryJul 21, 2021 - 3:15 p.m.

CVE-2021-20106

2021-07-2115:15:13

[email protected]

web.nvd.nist.gov

cve-2021-20106

nessus agent

vulnerability

privilege escalation

nvd

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

8.5 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

12.4%

JSON

Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.

Affected configurations

NVD

Node

tenablenessusRange≤8.2.5

CPENameOperatorVersion
tenable:nessustenable nessusle8.2.5

CPE	Name	Operator	Version
tenable:nessus	tenable nessus	le	8.2.5

CNA Affected

[
  {
    "product": "Nessus Agent",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Nessus Agent 8.2.5 and earlier"
      }
    ]
  }
]

References

www.tenable.com/security/tns-2021-13

Social References

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

8.5 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

12.4%

JSON

Related for CVE-2021-20106

prion1 nessus1 cvelist1 openvas1 nvd1