Nessus Plugin Flaw Let Attacker’s to Escalate the Privileges

Nessus, developed by Tenable, is one of the highly used vulnerability scanning tools by organizations due to its effectiveness and other features.

Nessus has multiple plugins that can be used depending on the tool’s usage. The tool operates by checking each port on a computer, identifying what service it is operating, and then testing this service to ensure that it does not contain any vulnerabilities that a hacker could exploit.

Read moreBuilding cyber skills and roles from CyBOK foundations

A Nessus plugin vulnerability was discovered and reported as part of the Tenable Vulnerability Disclosure Program (VDP).

This vulnerability exists on the binary of filesystem location that can allow threat actors to escalate privileges by abusing the plugin.

CVE-2023-2005: Tenable Plugin Privilege Escalation Vulnerability

Read moreAccessibility as a cyber security priority

An attacker with sufficient permissions on a scan target will be able to place a binary on the filesystem in a specific location and abuse the plugin for escalating privileges.

This vulnerability has a CVSS score of 6.3 (medium) as given by Tenable, and was discovered by a Security researcher named Patrick Romero from CrowdStrike.

Security Updates

Read moreNew interactive video - and related downloads - to help secondary school kids stay safe online

Tenable has released security patches for this vulnerability. Their community post also mentioned that the Java Detection and Identification had been updated to prevent this privilege escalation vulnerability.

This vulnerability has a low success exploitation ratio. However, Tenable Security researchers have released necessary security patches for all the vulnerable products.

Affected Products

Read moreNigerian Cybercrime Ring's Phishing Tactics Exposed

Products affected by this vulnerability include;

Tenable.io

Read moreS3 Ep135: Sysadmin by day, extortionist by night

Tenable Nessus

Tenable Security Center

Read moreUS offers $10m bounty for Russian ransomware suspect outed in indictment

Users of the above-mentioned products are recommended to update to the latest security update to prevent this vulnerability. New versions of the plugin can be found here.

“AI-based email security measures Protect your business From Email Threats!” – Request a Free Demo.

Read moreBelkin Wemo Smart Plug V2 – the buffer overflow that won’t be patched

The post Nessus Plugin Flaw Let Attacker’s to Escalate the Privileges appeared first on Cyber Security News.

   Read More 

Read moreZut alors! Raclage crapuleux! Clearview AI in 20% more trouble in France

Cyber Security News 

Related Posts

New AD CTS Attack Vector Enables Lateral Movement Between Microsoft tenant
New AD CTS Attack Vector Enables Lateral Movement Between Microsoft tenant

New AD CTS Attack Vector Enables Lateral Movement Between Microsoft tenant

According to reports, the threat group known as “Nobelium” who were responsible for the SolarWinds attacks is now discovered to be targeting Microsoft tenants through the new Cross-Tenant Synchronisation (CTS) feature introduced by Microsoft.

CTS is a feature that enables organizations to synchronize users and groups from other source tenants and can grant them access to the target tenant.

CTS feature also helps in creating, updating, and deleting AD (Active Directory) users across other tenants.

CTS features and workflow (Source: Vectra)

However, since this feature opens the gate to multiple tenants from one tenant, it is important to configure and manage correctly.

Misconfiguration can lead to threat actors using this feature for lateral movement across multiple tenants and performing malicious activities.

The attack from threat actors however requires licence and compromising of a privileged account or privilege escalation on a compromised tenant.

However, if a Global admin account is compromised, it is extremely easy for an attacker to deploy a backdoor and maintain persistent access to the tenants. The CTS tenants get synced through “Push” and not “Pull”.

Lateral Movement

Once the threat actor compromises a tenant, it is possible for him to move laterally to other connected tenants. This can be done by reviewing the Cross Tenant Access Policies configured on the compromised tenant.

Once the threat actor finds a tenant with Outbound sync enabled, he can use that tenant to get synchronized with the target tenant.

After this, the threat actor can discover the CTS host sync application and use it to push the user account to that tenant which grants access to the target tenant.

Lateral Movement with CTS (Source: Vectra)

Backdoor

The attacker can then deploy a rogue Cross Tenant Access Configuration for maintaining persistent access on the compromised tenant. In addition, the attacker can also configure this to an external tenant with the help of the documentation provided by Microsoft.

Backdoor implementation (Source: Vectra)

A complete report on the lateral movement and backdoor has been published by Vectra which shows detailed information on this attack vector.

Users of Active Directory and Cross Tenant Synchronisation features are advised to configure them properly in order to prevent threat actors from exploiting them.

Keep yourself informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.

The post New AD CTS Attack Vector Enables Lateral Movement Between Microsoft tenant appeared first on Cyber Security News.

   Read More 

Cyber Security News