Overview
- Description
- A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets.
- Source
- vulnreport@tenable.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1D243271-6ED5-4CA4-AB61-DD5526066E4D",
"versionEndExcluding": "10.4.2"
},
{
"criteria": "cpe:2.3:a:tenable:plugin_feed:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "67B40173-E59F-4DC9-BB7E-6C0CAE1725FC",
"versionEndExcluding": "202212081952"
}
],
"operator": "OR"
}
]
}
]