Denial of service in Tenable Nessus



Published: 2023-11-20
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2023-6062
CWE-ID CWE-434
Exploitation vector Network
Public exploit N/A
Vulnerable software
Tenable Nessus
Client/Desktop applications / Software for system administration

Vendor Tenable Network Security

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Arbitrary file upload

EUVDB-ID: #VU83307

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6062

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of files during file upload. A remote user with administrative privileges can alter Nessus Rules variables to overwrite arbitrary files on the remote host, leading to a denial of service condition. Note that exploitation requires an already-authenticated administrator account, which is why the CVSS base metrics carry PR:H and the overall risk is rated low.

Mitigation

Install updates from the vendor's website (see the Tenable advisories linked below).

Vulnerable software versions

Tenable Nessus: 10.5.0 - 10.6.2
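The affected range above is inclusive on both ends, so a quick inventory check needs a real version comparison rather than a string comparison (as a string, "10.10.0" sorts before "10.6.2"). The following is an added example, not code from the bulletin or from Tenable: it parses Nessus version strings, checks them against the 10.5.0 - 10.6.2 range stated here, and reports unparseable versions separately instead of silently treating them as safe. The inventory data is constructed for illustration, and the assumption that a version string may carry trailing build information after a space is the example's own.

```python
from typing import Dict, List, Optional, Tuple

# Affected range as stated in this bulletin: Tenable Nessus 10.5.0 through 10.6.2, inclusive.
AFFECTED_MIN: Tuple[int, int, int] = (10, 5, 0)
AFFECTED_MAX: Tuple[int, int, int] = (10, 6, 2)


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse a dotted version such as '10.6.2' into a comparable (major, minor, patch) tuple.

    Anything after the first whitespace (e.g. '10.6.2 (#42)') is ignored; that format is an
    assumption made for this example, not something the bulletin states. Returns None when the
    string does not start with three numeric components.
    """
    stripped = text.strip()
    if not stripped:
        return None
    parts = stripped.split()[0].split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        return None
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def is_affected(text: str) -> Optional[bool]:
    """True if the version falls inside the affected range, False if outside,
    None if the version could not be parsed (so the caller can flag it for manual review)."""
    version = parse_version(text)
    if version is None:
        return None
    # Tuple comparison is numeric per component, so 10.10.0 correctly sorts above 10.6.2.
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Split a {hostname: version_string} inventory into affected / unaffected / unknown buckets."""
    result: Dict[str, List[str]] = {"affected": [], "unaffected": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        status = is_affected(version)
        if status is None:
            result["unknown"].append(host)
        elif status:
            result["affected"].append(host)
        else:
            result["unaffected"].append(host)
    return result


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY: Dict[str, str] = {
    "scanner-01": "10.6.2",
    "scanner-02": "10.6.3",
    "scanner-03": "10.5.0",
    "scanner-04": "10.4.2",
    "scanner-05": "10.10.0",
    "scanner-06": "10.6.1 (#123)",
    "scanner-07": "unknown",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) if hosts else '-'}")
```

Hosts that land in the "unknown" bucket should be checked by hand rather than assumed patched; a version string the parser cannot read is exactly the case where a naive check would produce a false negative.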

External links

http://www.tenable.com/security/tns-2023-39
http://www.tenable.com/security/tns-2023-40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited over the network by a remote, authenticated user holding administrative privileges on the Nessus instance.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


