Denial of service in Nessus Agent



Published: 2023-11-20
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2023-6178
CWE-ID: CWE-434
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Nessus Agent (Client/Desktop applications / Other client software)
Vendor: Tenable Network Security

Security Bulletin

This security bulletin contains one low-risk vulnerability.

1) Arbitrary file upload

EUVDB-ID: #VU83308

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6178

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of files during upload. A remote user with privileges on the managing application can alter Nessus Rules variables and overwrite arbitrary files on the remote host.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Nessus Agent: 10.0.0 - 10.4.3

External links

http://www.tenable.com/security/tns-2023-41


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


