Published: 08/03/2017 Updated: 03/10/2019

CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8

CVSS v3 Base Score: 7.3 | Impact Score: 5.9 | Exploitability Score: 1.3

VMScore: 534

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Tenable Nessus prior to 6.10.2 (as used alone or in Tenable Appliance prior to 4.5.0) was found to contain a flaw that allowed a remote, authenticated malicious user to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tenable nessus
tenable appliance 4.4.0

Nessus was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system This could be used to subsequently gain elevated privileges on the system (eg after a reboot) This issue only affects installations on Windows Note that our CVSSv2 score follows specification ...

The Tenable Appliance has recently been discovered to contain several vulnerabilities One exists in the underlying operating system kernel, two in the Appliance web interface, and multiple issues in bundled applications Since the Appliance ships with other Tenable products, please consult the associated advisories linked below for more details ...

NVD-CWE-noinfo http://www.tenable.com/security/tns-2017-06 http://www.securityfocus.com/bid/96418 https://nvd.nist.gov https://www.tenable.com/security/tns-2017-06

CVE-2017-6543

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect