CVE-2020-5793

05.11.2020, 20:15

A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
tenable	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 30%

Vendor	Product	Version
tenable	nessus	8.9.0 ≤ 𝑥 ≤ 8.12.0
tenable	nessus_agent	8.0.0
tenable	nessus_agent	8.1.0

𝑥

= Vulnerable software versions

References

https://www.tenable.com/security/tns-2020-07

https://www.tenable.com/security/tns-2020-08

https://www.tenable.com/security/tns-2020-07

https://www.tenable.com/security/tns-2020-08