Nessus Plugin Flaw Let Attacker’s to Escalate the Privileges

Nessus, developed by Tenable, is one of the highly used vulnerability scanning tools by organizations due to its effectiveness and other features.

Nessus has multiple plugins that can be used depending on the tool’s usage. The tool operates by checking each port on a computer, identifying what service it is operating, and then testing this service to ensure that it does not contain any vulnerabilities that a hacker could exploit.

A Nessus plugin vulnerability was discovered and reported as part of the Tenable Vulnerability Disclosure Program (VDP).

This vulnerability exists on the binary of filesystem location that can allow threat actors to escalate privileges by abusing the plugin.

CVE-2023-2005: Tenable Plugin Privilege Escalation Vulnerability

An attacker with sufficient permissions on a scan target will be able to place a binary on the filesystem in a specific location and abuse the plugin for escalating privileges.

This vulnerability has a CVSS score of 6.3 (medium) as given by Tenable, and was discovered by a Security researcher named Patrick Romero from CrowdStrike.

Security Updates

Tenable has released security patches for this vulnerability. Their community post also mentioned that the Java Detection and Identification had been updated to prevent this privilege escalation vulnerability.

This vulnerability has a low success exploitation ratio. However, Tenable Security researchers have released necessary security patches for all the vulnerable products.

Affected Products

Products affected by this vulnerability include;

Tenable Nessus

Tenable Security Center

Users of the above-mentioned products are recommended to update to the latest security update to prevent this vulnerability. New versions of the plugin can be found here.

“AI-based email security measures Protect your business From Email Threats!” – Request a Free Demo.

The post Nessus Plugin Flaw Let Attacker’s to Escalate the Privileges appeared first on Cyber Security News.

   Read More 

Cyber Security News