CVE-2024-2390

As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.tenable.com/security/tns-2024-05
https://www.tenable.com/security/tns-2024-05

Configurations

No configuration.

History

21 Nov 2024, 09:09

Type	Values Removed	Values Added
References	~~() https://www.tenable.com/security/tns-2024-05 -~~	() https://www.tenable.com/security/tns-2024-05 -
Summary		(es) Como parte del programa de divulgación de vulnerabilidades de Tenable, se identificó y reportó una vulnerabilidad en un complemento de Nessus. Esta vulnerabilidad podría permitir que un actor malintencionado con permisos suficientes en un objetivo de análisis coloque un binario en una ubicación específica del sistema de archivos y abuse del complemento afectado para aumentar los privilegios.

18 Mar 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-18 16:15

Updated : 2024-11-21 09:09

NVD link : CVE-2024-2390

Mitre link : CVE-2024-2390

CVE.ORG link : CVE-2024-2390

JSON object : View

Products Affected

No product.

CWE

CWE-269

Improper Privilege Management

7.8 /10