Skip to main content

Nessus Network Monitor CVE-2023-5622

HIGH
Improper Privilege Management (CWE-269)
2023-10-26 vulnreport@tenable.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 26, 2023 - 17:15 nvd
HIGH 8.8

DescriptionNVD

Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file.

AnalysisAI

Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Technical ContextAI

This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file. Affected products include: Tenable Nessus Network Monitor.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply principle of least privilege, validate privilege transitions, implement proper role separation.

CVE-2021-3711 CRITICAL
9.8 Aug 24

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Rated cri

CVE-2023-5623 HIGH
7.8 Oct 26

NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary

CVE-2020-5794 HIGH
7.8 Nov 06

A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated l

CVE-2021-23840 HIGH
7.5 Feb 16

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases

CVE-2021-3450 HIGH
7.4 Mar 25

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain.

CVE-2023-5624 HIGH
7.2 Oct 26

Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. Rated high severity

CVE-2020-1971 MEDIUM
5.9 Dec 08

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9)

CVE-2021-3449 MEDIUM
5.9 Mar 25

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated med

CVE-2021-23841 MEDIUM
5.9 Feb 16

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer

CVE-2024-9158 MEDIUM
4.6 Sep 30

A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local at

CVE-2025-24917 HIGH
7.8 May 23

In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could

CVE-2025-24916 HIGH
7.0 May 23

When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions pr

Share

CVE-2023-5622 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy