Arbitrary Code Execution Vulnerability in Nessus Network Monitor by Tenable
CVE-2020-5794

7.8HIGH

Key Information:

Vendor: Tenable
Status: Nessus Network Monitor
Vendor: CVE Published:; 6 November 2020

What is CVE-2020-5794?

A vulnerability exists in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows that enables an authenticated local attacker to execute arbitrary code. This occurs by manipulating user-supplied files to be placed in a specially defined user directory path. The exploit requires valid user credentials on the Windows system, highlighting the importance of maintaining strict access controls and monitoring authenticated user actions.

Affected Version(s)

Nessus Network Monitor NNM 5.11.0, 5.11.1, 5.12.0

References

https://www.tenable.com/security/tns-2020-09

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 6, 2020
Vulnerability Reserved
Jan 6, 2020