6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
29.8%
Tenable Nessus is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:tenable:nessus";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.126491");
script_version("2024-02-09T14:47:30+0000");
script_tag(name:"last_modification", value:"2024-02-09 14:47:30 +0000 (Fri, 09 Feb 2024)");
script_tag(name:"creation_date", value:"2023-08-30 10:25:18 +0000 (Wed, 30 Aug 2023)");
script_tag(name:"cvss_base", value:"7.7");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:M/C:N/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-09-01 14:34:00 +0000 (Fri, 01 Sep 2023)");
script_cve_id("CVE-2023-3251", "CVE-2023-3252", "CVE-2023-3253");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Tenable Nessus Multiple Vulnerabilities (TNS-2023-29, TNS-2023-31)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("General");
script_dependencies("gb_tenable_nessus_consolidation.nasl");
script_mandatory_keys("tenable/nessus/detected");
script_tag(name:"summary", value:"Tenable Nessus is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The following vulnerabilities exist:
- CVE-2023-3251: A pass-back exists where an authenticated, remote attacker with administrator
privileges could uncover stored SMTP credentials within the Nessus application.
- CVE-2023-3252: An arbitrary file write exists where an authenticated, remote attacker with
administrator privileges could alter logging variables to overwrite arbitrary files on the remote
host with log data, which could lead to a denial of service condition
- CVE-2023-3253: An improper authorization exists where an authenticated, low privileged remote
attacker could view a list of all the users available in the application.");
script_tag(name:"affected", value:"Tenable Nessus prior to version 10.5.5 and 10.6.0.");
script_tag(name:"solution", value:"Update to version 10.5.5, 10.6.0 or later.
Note: The installation files for version 10.5.5 can only be obtained via the Nessus
Feed.");
script_xref(name:"URL", value:"https://www.tenable.com/security/tns-2023-29");
script_xref(name:"URL", value:"https://www.tenable.com/security/tns-2023-31");
exit(0);
}
include("version_func.inc");
include("host_details.inc");
if( isnull( port = get_app_port( cpe:CPE ) ) )
exit( 0 );
if( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )
exit( 0 );
version = infos["version"];
location = infos["location"];
if( version_is_less_equal( version:version, test_version:"10.5.4" ) ) {
report = report_fixed_ver( installed_version:version, fixed_version:"10.5.5, 10.6.0", install_path:location );
security_message( port:port, data:report );
exit( 0 );
}
exit( 99 );
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
29.8%