Privilege Escalation Vulnerability in Nessus Agent by Tenable
CVE-2021-20106

6.5MEDIUM

Key Information:

Vendor: Tenable
Status: Nessus Agent
Vendor: CVE Published:; 21 July 2021

What is CVE-2021-20106?

An issue has been discovered in Nessus Agent versions 8.2.5 and earlier, where a privilege escalation vulnerability exists. This flaw permits Nessus administrator users to upload specially crafted files, potentially enabling them to gain elevated administrator privileges on the Nessus host. Addressing this vulnerability is essential for maintaining secure administration controls and protecting sensitive data.

Affected Version(s)

Nessus Agent Nessus Agent 8.2.5 and earlier

References

https://www.tenable.com/security/tns-2021-13

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 21, 2021
Vulnerability Reserved
Dec 17, 2020