Nessus Agent
CVE-2021-20117
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118.
AnalysisAI
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
Technical ContextAI
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118. Affected products include: Tenable Nessus Agent.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Nessus Agent
View allLocal privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-adminis
Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-administrativ
Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows a non-administrat
A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could all
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain.
Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade t
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an auth
Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local h
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missin
Nessus Agent on Windows systems contains improper file permission controls that allow local authenticated users to trigg
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today