CVE Vulnerabilities

CVE-2023-0101

Improper Privilege Management

Published: Jan 20, 2023 | Modified: Nov 21, 2024
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on the Nessus host.

Weakness 

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software 

Name Vendor Start Version End Version
Nessus Tenable 8.10.1 (including) 8.15.8 (excluding)
Nessus Tenable 10.0.0 (including) 10.4.2 (excluding)

Potential Mitigations 

References