Certificate Validation Flaw in Nessus AMI by Tenable
CVE-2020-5812

5.9MEDIUM

Key Information:

Vendor: Tenable
Status: Tenable Nessus Ami
Vendor: CVE Published:; 6 February 2021

What is CVE-2020-5812?

A vulnerability exists in Nessus AMI where the application fails to properly validate certificates. This flaw could be exploited by an attacker to impersonate a trusted entity, potentially leading to man-in-the-middle attacks. By leveraging this weakness, malicious actors can intercept, alter, or redirect communication between users and a targeted service without detection, thereby compromising sensitive information.

Affected Version(s)

Tenable Nessus AMI 8.12.0 and earlier

References

https://www.tenable.com/security/tns-2021-01

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 6, 2021
Vulnerability Reserved
Jan 6, 2020