Race Condition Vulnerability in Nessus Agent Could Lead to Arbitrary Code Execution
CVE-2024-3292

8.2HIGH

Key Information:

Vendor: Tenable
Status: Nessus Agent
Vendor: CVE Published:; 17 May 2024

What is CVE-2024-3292?

A race condition vulnerability exists in Nessus Agents developed by Tenable, where an authenticated local attacker on a Windows host may exploit weaknesses during the installation process. This vulnerability allows modification of installation parameters, which can enable the execution of arbitrary code on the device. Such manipulation risks the integrity of the system and may result in unauthorized access or disruption of services, necessitating immediate security measures to safeguard against potential exploitation.

Affected Version(s)

Nessus Agent Windows 0

References

https://www.tenable.com/security/tns-2024-09

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 17, 2024