CVE-2023-5623
26.10.2023, 17:15
NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location
| Vendor | Product | Version |
|---|---|---|
| tenable | nessus_network_monitor | 𝑥 < 6.3.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-94 - Improper Control of Generation of Code ('Code Injection')The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
- CWE-276 - Incorrect Default PermissionsDuring installation, installed file permissions are set to allow anyone to modify those files.