PT-2021-13755 · Tenable · Nessus Agent

Published: 2021-03-19 · Updated: 2022-10-28 · CVE-2021-20077

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Nessus Agent versions 7.2.0 through 8.2.2
Description: The issue arises when the Nessus Agent is installed on an Amazon EC2 instance and inadvertently captures the IAM role security token on the local host during the initial linking process. This could allow a privileged attacker to obtain the token.
Recommendations: For Nessus Agent versions 7.2.0 through 8.2.2, update to a version that includes a fix for this issue to prevent the capture of the IAM role security token. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2021-20077

Affected Products

Nessus Agent