Nessus was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g. after a reboot). This issue only affects installations on Windows. Note that our CVSSv2 score follows specifications regarding the immediate impact (writing a custom file anywhere on the system), and does not reflect the follow-up impact which would require additional actions by the administrator. Please note that Tenable strongly recommends that Nessus be installed on a subnet that is not Internet addressable.