PT-2007-5267 · Tenable · Nessus Vulnerability Scanner+2

Published: 2007-07-30 · Updated: 2017-07-29 · CVE-2007-4062

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:C
Name of the Vulnerable Software and Affected Versions: Nessus Vulnerability Scanner version 3.0.6
Description: The issue concerns the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll, which allows remote attackers to delete arbitrary files. This is likely due to a directory traversal vulnerability involving the deleteNessusRC method.
Recommendations: For Nessus Vulnerability Scanner version 3.0.6, consider disabling the deleteNessusRC method as a temporary workaround until a patch is available. Restrict access to the scan.dll module to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2007-4062

Affected Products

Nessus
Nessus Activex Control
Nessus Vulnerability Scanner