Input validation error in Tenable Nessus

#VU71333 Input validation error in Tenable Nessus

Published: 2023-01-18

Vulnerability identifier: #VU71333

Vulnerability risk: Medium

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0101

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Tenable Nessus
Client/Desktop applications / Software for system administration

Vendor: Tenable Network Security

Description

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote authenticated user can execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on the Nessus host.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Tenable Nessus: 8.0.0 - 10.4.1

External links
http://www.tenable.com/security/tns-2023-01
http://www.tenable.com/security/tns-2023-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Privilege escalation in Tenable Nessus