PT-2023-17405 · Tenable · Tenable.Io+2

Patrick Romero

Publicado

2023-06-26

Atualizado

2024-12-03

CVE-2023-2005

CVSS v3.1

6.3

Média

Vetor

AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tenable.Io versions before Plugin Feed ID #202306261202 Tenable Nessus versions before Plugin Feed ID #202306261202 Tenable Security Center versions before Plugin Feed ID #202306261202

Description This issue could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

Recommendations For Tenable.Io versions before Plugin Feed ID #202306261202, update to a version that includes Plugin Feed ID #202306261202 or later. For Tenable Nessus versions before Plugin Feed ID #202306261202, update to a version that includes Plugin Feed ID #202306261202 or later. For Tenable Security Center versions before Plugin Feed ID #202306261202, update to a version that includes Plugin Feed ID #202306261202 or later.

Correção

Uncontrolled Search Path Element

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-427

Identificadores relacionados

CVE-2023-2005

Produtos afetados

Tenable Nessus

Tenable Security Center

Tenable.Io

PT-2023-17405 · Tenable · Tenable.Io+2

CVE-2023-2005

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3