| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
| CVE-2020-5793 | 5 Nov 202019:11 | – | cve | |
| CVE-2020-5793 | 5 Nov 202019:11 | – | cvelist | |
| EUVD-2020-26950 | 7 Oct 202500:30 | – | euvd | |
| Vulnerability fixed in Nessus | 30 Oct 202000:00 | – | ncsc | |
| Tenable Nessus < 8.12.1 Privilege Escalation Vulnerability (TNS-2020-08) | 30 Oct 202000:00 | – | nessus | |
| CVE-2020-5793 | 5 Nov 202020:15 | – | nvd | |
| Tenable Nessus 8.9.0 - 8.12.0 File Copy Vulnerability (TNS-2020-08) - Windows | 9 Nov 202000:00 | – | openvas | |
| Tenable Nessus Agent 8.0.0 - 8.1.0 Arbitrary Code Execution vulnerability (TNS-2020-07) | 9 Nov 202000:00 | – | openvas | |
| CVE-2020-5793 | 5 Nov 202020:15 | – | osv | |
| Design/Logic Flaw | 5 Nov 202020:15 | – | prion |
| Source | Link |
|---|---|
| tenable | www.tenable.com/security/tns-2020-07 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
##
# (C) Tenable Network Security, Inc.
##
include('compat.inc');
if (description)
{
script_id(142054);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/04");
script_cve_id("CVE-2020-5793");
script_name(english:"Tenable Nessus Agent 8.x < 8.1.1 Privilege Escalation Vulnerability (TNS-2020-07)");
script_set_attribute(attribute:"synopsis", value:
"An instance of Nessus Agent installed on the remote Windows host is affected by a privilege escalation
vulnerability");
script_set_attribute(attribute:"description", value:
"A vulnerability in Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local
attacker to copy user-supplied files to a specially constructed path in a specifically named user
directory. An attacker could exploit this vulnerability by creating a malicious file and copying
the file to a system directory. The attacker needs valid credentials on the Windows system to
exploit this vulnerability.
Tenable has included a fix in Nessus Agent 8.2.0 and Nessus Agent 8.1.1 to address this issue.
Note that Nessus has not tested for this issue but has instead relied only on the application's
self-reported version number");
script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/tns-2020-07");
script_set_attribute(attribute:"solution", value:
"Upgrade to Tenable Nessus Agent version 8.1.1, 8.2 or later.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-5793");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/10/29");
script_set_attribute(attribute:"patch_publication_date", value:"2020/10/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/30");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:tenable:nessus_agent");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2020-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_nessus_agent_installed_win.nbin");
script_require_keys("installed_sw/Tenable Nessus Agent");
script_require_ports(139, 445);
exit(0);
}
include('vdf.inc');
# @tvdl-content
var vuln_data = {
'metadata': {'spec_version': '1.0'},
'requires': [
{'scope': 'target', 'match': {'os': 'windows'}}
],
'checks': [
{
'product': {'name': 'Tenable Nessus Agent', 'type': 'app'},
'check_algorithm': 'default',
'constraints': [
{'min_version' : '8.0.0', 'fixed_version' : '8.1.1', 'fixed_display': '8.1.1 / 8.2.0'}
]
}
]
};
var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:result);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation