Vulnerabilities > CVE-2020-5793 - Unspecified vulnerability in Tenable Nessus and Nessus Agent

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

tenable

NVD

Published: 2020-11-05

Updated: 2020-11-16

Summary

A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Tenable Tenable Nessus 8.9.0 Tenable Nessus 8.9.1 Tenable Nessus 8.10.0 Tenable Nessus 8.10.1 Tenable Nessus 8.11.0 Tenable Nessus Agent 8.0.0 Tenable Nessus Agent 8.1.0	7
OS	Microsoft Microsoft Windows -	1

Summary

Vulnerable Configurations

References