Local Privilege Escalation Vulnerabilities in Nessus Agent for Windows
CVE-2021-20099

6.7MEDIUM

Key Information:

Vendor: Tenable
Status: Nessus Agent
Vendor: CVE Published:; 28 June 2021

What is CVE-2021-20099?

Nessus Agent versions 8.2.4 and prior for Windows are susceptible to multiple local privilege escalation vulnerabilities. These flaws could allow an authenticated local administrator to execute specific Windows executables with elevated privileges, compromising the security of the host system. It is crucial for organizations using Nessus Agent to update to the latest version to mitigate these vulnerabilities and enhance their overall security posture.

Affected Version(s)

Nessus Agent Nessus Agent 8.2.4 and earlier

References

https://www.tenable.com/security/tns-2021-12

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 28, 2021
Vulnerability Reserved
Dec 17, 2020

Tenable

What is CVE-2021-20099?

Affected Version(s)

References

CVSS V3.1

Timeline