Lucene search

[email protected]CVE-2022-4313

HistoryMar 15, 2023 - 11:15 p.m.

CVE-2022-4313

2023-03-1523:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

vulnerability

tenable

authenticated users

arbitrary commands

scan targets

nvd

cve-2022-4313

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

37.1%

JSON

A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets.

CPENameOperatorVersion
tenable:nessustenable nessuslt10.4.2
tenable:plugin_feedtenable plugin feedlt202212081952 

CPE	Name	Operator	Version
tenable:nessus	tenable nessus	lt	10.4.2
tenable:plugin_feed	tenable plugin feed	lt	202212081952

References

www.tenable.com/security/tns-2023-14

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

37.1%

JSON

Related for CVE-2022-4313

cvelist1 tenable1 prion1