[R3] Nessus Version 10.2.0 Fixes Multiple Vulnerabilities

[R3] Nessus Version 10.2.0 Fixes Multiple Vulnerabilities Arnie Cabral Thu, 05/26/2022 - 09:30

Nessus leverages third-party software to help provide underlying functionality. Several of the third-party components (zlib, expat, jQuery UI) were found to contain vulnerabilities, and updated versions have been made available by the providers. Additionally, two separate vulnerabilities that utilize the Audit functionality were discovered, reported and fixed.

1. CVE-2022-32973 - An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.

2. CVE-2022-32974 - An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.

3. CVE-2022-33757 - An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance.

Out of caution and in line with good practice, Tenable has opted to upgrade these components to address the potential impact of the issues. Nessus 10.2.0 fixes the reported Audit function and information disclosure vulnerabilities, and also updates zlib to version 1.2.12, expat to version 2.4.8 and jQuery UI to version 1.13.0 to address the remaining identified vulnerabilities.