Vulnerabilities > CVE-2017-6543 - Unspecified vulnerability in Tenable Appliance and Nessus
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows.
Vulnerable Configurations
Nessus
| NASL family | Windows |
| NASL id | NESSUS_TNS_2017_06.NASL |
| description | According to its self-reported version, the Tenable Nessus application running on the remote host is 6.8.x, 6.9.x, or 6.10.x prior to 6.10.2. It is, therefore, affected by an arbitrary file upload vulnerability due to an unspecified flaw. An authenticated, remote attacker can exploit this to upload a specially crafted file to an arbitrary system location. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 99440 |
| published | 2017-04-18 |
| reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/99440 |
| title | Tenable Nessus 6.8.x < 6.10.2 Arbitrary File Upload (TNS-2017-06) |