CVE-2024-2390

Local Privilege Escalation

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

Como parte del programa de divulgación de vulnerabilidades de Tenable, se identificó y reportó una vulnerabilidad en un complemento de Nessus. Esta vulnerabilidad podría permitir que un actor malintencionado con permisos suficientes en un objetivo de análisis coloque un binario en una ubicación específica del sistema de archivos y abuse del complemento afectado para aumentar los privilegios.

*Credits: Rich Sprigg (RythmStick)

CVSS Scores

Tenable Network Security, Inc.v3.1 7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-03-11 CVE Reserved
2024-03-18 CVE Published
2024-03-19 EPSS Updated
2024-08-21 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-269: Improper Privilege Management

CAPEC

CAPEC-233: Privilege Escalation

References (1)

URL	Tag	Source
https://www.tenable.com/security/tns-2024-05

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
-		-				-		-		-