PT-2007-5267 · Tenable · Nessus Vulnerability Scanner+2
Publicado
2007-07-30
·
Atualizado
2017-07-29
·
CVE-2007-4062
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:C |
Name of the Vulnerable Software and Affected Versions:
Nessus Vulnerability Scanner version 3.0.6
Description:
The issue concerns the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll, which allows remote attackers to delete arbitrary files. This is likely due to a directory traversal vulnerability involving the
deleteNessusRC method.Recommendations:
For Nessus Vulnerability Scanner version 3.0.6, consider disabling the
deleteNessusRC method as a temporary workaround until a patch is available. Restrict access to the scan.dll module to minimize the risk of exploitation.Exploit
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Nessus
Nessus Activex Control
Nessus Vulnerability Scanner