Vulnerabilities > CVE-2020-5774 - Insufficient Session Expiration vulnerability in Tenable Nessus

CVSS 7.1 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

tenable

CWE-613

NVD

Published: 2020-08-21

Updated: 2020-08-28

Summary

Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session.

Vulnerable Configurations

Part	Description	Count
Application	Tenable Tenable Nessus - Tenable Nessus 4.4.1.15078 Tenable Nessus 5.2.0 Tenable Nessus 5.2.1 Tenable Nessus 5.2.2 Tenable Nessus 5.2.3 Tenable Nessus 5.2.4 Tenable Nessus 5.2.5 Tenable Nessus 5.2.6 Tenable Nessus 5.2.7 Tenable Nessus 5.2.8 Tenable Nessus 5.2.9 Tenable Nessus 5.2.10 Tenable Nessus 5.2.11 Tenable Nessus 5.2.12 Tenable Nessus 6.0.0 Tenable Nessus 6.0.1 Tenable Nessus 6.0.2 Tenable Nessus 6.1.0 Tenable Nessus 6.1.1 Tenable Nessus 6.1.2 Tenable Nessus 6.2.0 Tenable Nessus 6.2.1 Tenable Nessus 6.3.0 Tenable Nessus 6.3.1 Tenable Nessus 6.3.2 Tenable Nessus 6.3.3 Tenable Nessus 6.3.4 Tenable Nessus 6.3.5 Tenable Nessus 6.3.6 Tenable Nessus 6.3.7 Tenable Nessus 6.4.0 Tenable Nessus 6.4.1 Tenable Nessus 6.4.2 Tenable Nessus 6.4.3 Tenable Nessus 6.5.0 Tenable Nessus 6.5.1 Tenable Nessus 6.5.2 Tenable Nessus 6.5.3 Tenable Nessus 6.5.4 Tenable Nessus 6.5.5 Tenable Nessus 6.5.6 Tenable Nessus 6.6.0 Tenable Nessus 6.6.1 Tenable Nessus 6.6.2 Tenable Nessus 6.7 Tenable Nessus 6.7.0 Tenable Nessus 6.8 Tenable Nessus 6.8.0 Tenable Nessus 6.8.1 Tenable Nessus 6.8.2 Tenable Nessus 6.9 Tenable Nessus 6.9.0 Tenable Nessus 6.9.1 Tenable Nessus 6.9.2 Tenable Nessus 6.9.3 Tenable Nessus 6.10.0 Tenable Nessus 6.10.1 Tenable Nessus 6.10.2 Tenable Nessus 6.10.3 Tenable Nessus 6.10.4 Tenable Nessus 6.10.5 Tenable Nessus 6.10.6 Tenable Nessus 6.10.7 Tenable Nessus 6.10.8 Tenable Nessus 6.10.9 Tenable Nessus 6.11.0 Tenable Nessus 6.11.1 Tenable Nessus 6.11.2 Tenable Nessus 6.11.3 Tenable Nessus 6.12.0 Tenable Nessus 6.12.1 Tenable Nessus 7.0.0 Tenable Nessus 7.0.1 Tenable Nessus 7.0.2 Tenable Nessus 7.0.3 Tenable Nessus 7.1.0 Tenable Nessus 7.1.1 Tenable Nessus 7.1.2 Tenable Nessus 7.1.3 Tenable Nessus 7.1.4 Tenable Nessus 7.1.5 Tenable Nessus 7.2.0 Tenable Nessus 7.2.1 Tenable Nessus 7.2.2 Tenable Nessus 7.2.3 Tenable Nessus 8.0.0 Tenable Nessus 8.0.1 Tenable Nessus 8.1.0 Tenable Nessus 8.1.1 Tenable Nessus 8.1.2 Tenable Nessus 8.2.0 Tenable Nessus 8.2.1 Tenable Nessus 8.2.2 Tenable Nessus 8.2.3 Tenable Nessus 8.2.4 Tenable Nessus 8.2.5 Tenable Nessus 8.3.0 Tenable Nessus 8.3.1 Tenable Nessus 8.3.2 Tenable Nessus 8.4.0 Tenable Nessus 8.5.0 Tenable Nessus 8.5.1 Tenable Nessus 8.5.2 Tenable Nessus 8.6.0 Tenable Nessus 8.7.0 Tenable Nessus 8.7.1 Tenable Nessus 8.7.2 Tenable Nessus 8.8.0 Tenable Nessus 8.9.0 Tenable Nessus 8.9.1 Tenable Nessus 8.10.0 Tenable Nessus 8.10.1 Tenable Nessus 8.11.0	114

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://www.tenable.com/security/tns-2020-06