PT-2020-18715 · Tenable · Nessus Network Monitor

Published 2020-11-06 · Updated 2021-09-09 · CVE-2020-5794

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0

Description

A vulnerability in Nessus Network Monitor could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentials on the Windows system to exploit this issue.

Recommendations

For versions 5.11.0, 5.11.1, and 5.12.0, consider restricting access to the user directory where the vulnerability can be exploited until a patch is available. As a temporary workaround, avoid using the specially constructed path in the user directory to minimize the risk of exploitation. Restrict access to the Windows system to only necessary personnel to reduce the attack surface.

Fix


Related Identifiers

CVE-2020-5794

Affected Products

Nessus Network Monitor