Lucene search

Arnie CabralTENABLE:CF8BED99030DAC9F6715476BC825E8CA

HistoryAug 29, 2023 - 8:44 a.m.

[R1] Nessus Version 10.6.0 Fixes Multiple Vulnerabilities

2023-08-2908:44:48

Arnie Cabral

www.tenable.com

nessus

security

vulnerabilities

pass-back

file write

authorization

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.8%

JSON

[R1] Nessus Version 10.6.0 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 08/29/2023 - 04:44

A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application. - CVE-2023-3251

An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition. - CVE-2023-3252

An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application. - CVE-2023-3253