As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.