Arbitrary File Write Vulnerability in Nessus by Tenable
CVE-2023-6178

6.5MEDIUM

Key Information:

Vendor: Tenable
Status: Nessus Agent
Vendor: CVE Published:; 20 November 2023

What is CVE-2023-6178?

An arbitrary file write vulnerability has been identified in Nessus, allowing authenticated attackers with appropriate privileges to manipulate Nessus Rules variables. This exploitation could result in overwriting arbitrary files on the remote host, potentially leading to a denial of service condition. It is essential for users to review their security configurations and update to the latest versions to mitigate risks.

Affected Version(s)

Nessus Agent 0

References

https://www.tenable.com/security/tns-2023-41

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2023
Vulnerability Reserved
Nov 16, 2023