Skip to main content

Nessus Network Monitor CVE-2020-5794

HIGH
2020-11-06 vulnreport@tenable.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 06, 2020 - 17:15 nvd
HIGH 7.8

DescriptionNVD

A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability.

AnalysisAI

A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability. Affected products include: Tenable Nessus Network Monitor.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-3711 CRITICAL
9.8 Aug 24

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Rated cri

CVE-2023-5622 HIGH
8.8 Oct 26

Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORIT

CVE-2023-5623 HIGH
7.8 Oct 26

NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary

CVE-2021-23840 HIGH
7.5 Feb 16

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases

CVE-2021-3450 HIGH
7.4 Mar 25

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain.

CVE-2023-5624 HIGH
7.2 Oct 26

Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. Rated high severity

CVE-2020-1971 MEDIUM
5.9 Dec 08

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9)

CVE-2021-3449 MEDIUM
5.9 Mar 25

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated med

CVE-2021-23841 MEDIUM
5.9 Feb 16

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer

CVE-2024-9158 MEDIUM
4.6 Sep 30

A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local at

CVE-2025-24917 HIGH
7.8 May 23

In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could

CVE-2025-24916 HIGH
7.0 May 23

When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions pr

Share

CVE-2020-5794 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy