Lucene search

[email protected]NVD:CVE-2023-5624

HistoryOct 26, 2023 - 5:15 p.m.

CVE-2023-5624

2023-10-2617:15:09

CWE-20

[email protected]

web.nvd.nist.gov

nessus network monitor

input validation

vulnerability

admin user

blindsql injection

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.0%

JSON

Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blindSQL injection.

Affected configurations

NVD

Node

tenablenessus_network_monitorRange<6.3.0

References

www.tenable.com/security/tns-2023-34

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.0%

JSON

Related for NVD:CVE-2023-5624

cvelist1 cve1 prion1 tenable1 nessus1 openvas1