PT-2024-24963 · Tenable · Nessus Agent
Alaa Kachouh
+1
·
Published
2024-05-17
·
Updated
2024-05-17
·
CVE-2024-3291
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Nessus Agent versions prior to 10.6.4
Description
The issue concerns the installation of Nessus Agent to a non-default directory on a Windows host, where secure permissions for sub-directories were not enforced in versions prior to 10.6.4. This could potentially allow for local privilege escalation if the directories in the non-default installation location were not secured by the users.
Recommendations
For Nessus Agent versions prior to 10.6.4, update to version 10.6.4 or later to resolve the issue.
Fix
Improper Preservation of Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nessus Agent