[R3] Nessus 6.10.5 Fixes Two Vulnerabilities

Related Vulnerabilities: CVE-2017-7849, CVE-2017-7850


Synopsis

Nessus was found to be vulnerable to a local privilege escalation issue and a local denial of service condition due to insecure permissions when running in Agent Mode. This may allow an attacker to gain administrative privileges on the system hosting a Nessus agent. Note that these issues are very similar to, but different from, the Agent issue fixed in version 6.10.4.

  • A local privilege escalation exists due to insecure permissions. CVSSv2 7.2 / 5.6 (AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C). Tracked internally as NES-6137, CVE-2017-7850.
  • A local denial of service condition exists due to insecure permissions that would stop the agent from conducting scans. CVSSv2 2.1 / 1.7 (AV:L/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C). CVE-2017-7849.

Solution

Tenable has released Nessus version 6.10.5 for the supported operating systems and architectures. To update your Nessus installation, follow these steps:

Note that only agents are impacted by the local privilege escalation issue, not scanners. If Nessus Manager is updated, then auto updates will be deployed to the agents as well. If the agent is on Tenable.io, then all of the agents will receive the updates.