PT-2020-18714 · Tenable+1 · Nessus Agent+2

Published

2020-11-05

Updated

2020-11-16

CVE-2020-5793

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Nessus versions 8.9.0 through 8.12.0 Nessus Agent versions 8.0.0 through 8.1.0

Description A vulnerability could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. The attacker could exploit this by creating a malicious file and copying it to a system directory, requiring valid credentials on the Windows system.

Recommendations For Nessus versions 8.9.0 through 8.12.0, update to a version outside of this range to resolve the issue. For Nessus Agent versions 8.0.0 through 8.1.0, update to a version outside of this range to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-5793

Affected Products

Nessus

Nessus Agent

Windows

PT-2020-18714 · Tenable+1 · Nessus Agent+2

CVE-2020-5793

Related Identifiers

Affected Products

References · 4