Privilege escalation in Tenable Nessus

Published: 2018-03-26
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2018-1141
Exploitation vector Local
Public exploit N/A
Vulnerable software
Tenable Nessus
Client/Desktop applications / Software for system administration

Vendor Tenable Network Security

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Privilege escalation

EUVDB-ID: #VU11261

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1141

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No


The vulnerability allows a local attacker to obtain elevated privileges on the target system.

The weakness exists due to improper enforcement of secure permissions for sub-directories when installed in a non-default directory. A local attacker can gain root privileges.


Update to version 7.0.3.

Vulnerable software versions

Tenable Nessus: 7.0.0 - 7.0.2

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.