Security Center
CVE-2024-5759
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
1DescriptionNVD
An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges
AnalysisAI
An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges Affected products include: Tenable Security Center.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.
More in Security Center
View allSQL Injection in the Hardware Inventory report of Security Center 5.11.2. Rated high severity (CVSS 8.8), this vulnerabi
Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were
A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Se
Security Center's access control implementation fails to properly restrict authenticated users to their authorized scope
A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker co
An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Secu
Authenticated users of Security Center can manipulate the 'owner' parameter to gain unauthorized elevated privileges thr
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today