In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.