Improper input validation in Tenable Nessus - #VU12365
Published: May 5, 2018
Vulnerability identifier: #VU12365
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Tenable Network Security
Affected software:
Tenable Nessus
Tenable Nessus
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to unspecified input validation error when processing data, returned form the scanned host. A remote attacker can run a specially crafted service, which, when scanned by Nessus, will execute arbitrary code on the system, running Nessus scanner.
The vulnerability exists due to unspecified input validation error when processing data, returned form the scanned host. A remote attacker can run a specially crafted service, which, when scanned by Nessus, will execute arbitrary code on the system, running Nessus scanner.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.