[R1] Nessus Version 8.15.6 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 08/09/2022 - 19:14
Two separate vulnerabilities that utilize the Audit functionality in Nessus were discovered, reported and fixed.
1. CVE-2022-32973 - An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.
2. CVE-2022-32974 - An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.
Nessus version 8.15.6 fixes the reported Audit function vulnerabilities.