Lucene search

TenableCVELIST:CVE-2024-2390

HistoryMar 18, 2024 - 3:37 p.m.

CVE-2024-2390 Local Privilege Escalation

2024-03-1815:37:44

CWE-269

tenable

www.cve.org

vulnerability

nessus plugin

local privilege escalation

specific filesystem location

malicious actor

privileges.

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

9.0%

JSON

As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "modules": [
      "Nessus Feed"
    ],
    "product": "Nessus Agent",
    "vendor": "Tenable",
    "versions": [
      {
        "lessThan": "#202403142053",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "modules": [
      "Nessus Feed"
    ],
    "product": "Nessus",
    "vendor": "Tenable",
    "versions": [
      {
        "lessThan": "#202403142053",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.tenable.com/security/tns-2024-05

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-2390