Remote Code Execution Vulnerability in Tenable.sc by Tenable
CVE-2022-0130

8.1HIGH

Key Information:

Vendor: Tenable
Status: Tenable.sc
Vendor: CVE Published:; 14 January 2022

What is CVE-2022-0130?

Tenable.sc versions 5.14.0 through 5.19.1 are susceptible to a security flaw that permits remote, unauthenticated attackers to execute arbitrary code under specific conditions. To exploit this vulnerability, an attacker must first place a certain file type in the web server root of the Tenable.sc host, enabling them to execute malicious commands remotely, which poses a significant risk to the system's integrity.

Affected Version(s)

Tenable.sc 5.14.0 through 5.19.1

References

https://www.tenable.com/security/tns-2022-01

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 14, 2022
Vulnerability Reserved
Jan 5, 2022