CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-5847 – Tenable Nessus Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-5847
Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts. Bajo ciertas condiciones, un atacante con pocos privilegios podría cargar un archivo especialmente manipulado durante la instalación o actualización para escalar privilegios en hosts de Windows y Linux. This vulnerability allows local attackers to escalate privileges on affected installations of Tenable Nessus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The process loads an OpenSSL configuration file from an unsecured location. • https://www.tenable.com/security/tns-2023-37 https://www.tenable.com/security/tns-2023-38 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3253 – Improper authorization in Nessus
https://notcve.org/view.php?id=CVE-2023-3253
An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application. • https://www.tenable.com/security/tns-2023-29 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3252 – Arbitrary File Write
https://notcve.org/view.php?id=CVE-2023-3252
An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition. • https://www.tenable.com/security/tns-2023-29 •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3251 – Pass-back vulnerability in Nessus
https://notcve.org/view.php?id=CVE-2023-3251
A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: before 10.6.0. • https://www.tenable.com/security/tns-2023-29 • CWE-522: Insufficiently Protected Credentials •