In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.