Privilege Escalation
CVE-2023-5623

7.8HIGH

Key Information:

Vendor

Tenable

Status
Nessus Network Monitor
Vendor
CVE Published:
26 October 2023

What is CVE-2023-5623?

Network Node Manager by Micro Focus contains a vulnerability where improper access control lists (ACLs) on its installation directory could permit low-privileged users to execute arbitrary code with SYSTEM privileges. This risk is particularly pronounced when NNM is installed in non-standard directories, potentially leading to significant security breaches.

Affected Version(s)

Nessus Network Monitor Windows 0

References

https://www.tenable.com/security/tns-2023-34

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-5623 : Privilege Escalation