Skip to main content

Nessus Network Monitor CVE-2023-5623

HIGH
Code Injection (CWE-94)
2023-10-26 vulnreport@tenable.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 26, 2023 - 17:15 nvd
HIGH 7.8

DescriptionNVD

NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location

AnalysisAI

NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Technical ContextAI

This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location Affected products include: Tenable Nessus Network Monitor.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.

CVE-2021-3711 CRITICAL
9.8 Aug 24

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Rated cri

CVE-2023-5622 HIGH
8.8 Oct 26

Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORIT

CVE-2020-5794 HIGH
7.8 Nov 06

A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated l

CVE-2021-23840 HIGH
7.5 Feb 16

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases

CVE-2021-3450 HIGH
7.4 Mar 25

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain.

CVE-2023-5624 HIGH
7.2 Oct 26

Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. Rated high severity

CVE-2020-1971 MEDIUM
5.9 Dec 08

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9)

CVE-2021-3449 MEDIUM
5.9 Mar 25

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated med

CVE-2021-23841 MEDIUM
5.9 Feb 16

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer

CVE-2024-9158 MEDIUM
4.6 Sep 30

A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local at

CVE-2025-24917 HIGH
7.8 May 23

In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could

CVE-2025-24916 HIGH
7.0 May 23

When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions pr

Share

CVE-2023-5623 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy