#VU12365 Improper input validation in Tenable Nessus
Published: May 5, 2018
Vulnerability identifier: #VU12365
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Tenable Nessus
Tenable Nessus
Software vendor:
Tenable Network Security
Tenable Network Security
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to unspecified input validation error when processing data, returned form the scanned host. A remote attacker can run a specially crafted service, which, when scanned by Nessus, will execute arbitrary code on the system, running Nessus scanner.
The vulnerability exists due to unspecified input validation error when processing data, returned form the scanned host. A remote attacker can run a specially crafted service, which, when scanned by Nessus, will execute arbitrary code on the system, running Nessus scanner.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.