Skip to main content

Nessus Agent CVE-2021-20117

MEDIUM
2021-09-09 vulnreport@tenable.com
6.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 09, 2021 - 12:15 nvd
MEDIUM 6.7

DescriptionNVD

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118.

AnalysisAI

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Technical ContextAI

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118. Affected products include: Tenable Nessus Agent.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-36633 HIGH
8.8 Jun 13

Local privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-adminis

CVE-2025-36631 HIGH
8.4 Jun 13

Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-administrativ

CVE-2025-36632 HIGH
7.8 Jun 16

Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows a non-administrat

CVE-2020-5793 HIGH
7.8 Nov 05

A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could all

CVE-2021-3450 HIGH
7.4 Mar 25

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain.

CVE-2023-5847 HIGH
7.3 Nov 01

Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade t

CVE-2021-20118 MEDIUM
6.7 Sep 09

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an auth

CVE-2021-20077 MEDIUM
6.7 Mar 19

Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local h

CVE-2019-16168 MEDIUM
6.5 Sep 09

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missin

CVE-2026-2026 MEDIUM
6.1 Feb 13

Nessus Agent on Windows systems contains improper file permission controls that allow local authenticated users to trigg

Share

CVE-2021-20117 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy