CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-2005 – Tenable Plugin Feed ID #202306261202 Fixes Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-2005
26 Jun 2023 — Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 . This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges. • https://www.tenable.com/security/tns-2023-21 • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0524
https://notcve.org/view.php?id=CVE-2023-0524
01 Feb 2023 — As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers’ environments and our products. The updates have been d... • https://www.tenable.com/security/tns-2023-04 • CWE-269: Improper Privilege Management •