Skip to main content

Nessus Network Monitor CVE-2024-9158

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2024-09-30 vulnreport@tenable.com
4.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.6 MEDIUM
AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 30, 2024 - 17:15 nvd
MEDIUM 4.6

DescriptionNVD

A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI.

AnalysisAI

A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI. Affected products include: Tenable Nessus Network Monitor.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2021-3711 CRITICAL
9.8 Aug 24

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Rated cri

CVE-2023-5622 HIGH
8.8 Oct 26

Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORIT

CVE-2023-5623 HIGH
7.8 Oct 26

NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary

CVE-2020-5794 HIGH
7.8 Nov 06

A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated l

CVE-2021-23840 HIGH
7.5 Feb 16

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases

CVE-2021-3450 HIGH
7.4 Mar 25

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain.

CVE-2023-5624 HIGH
7.2 Oct 26

Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. Rated high severity

CVE-2020-1971 MEDIUM
5.9 Dec 08

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9)

CVE-2021-3449 MEDIUM
5.9 Mar 25

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated med

CVE-2021-23841 MEDIUM
5.9 Feb 16

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer

CVE-2025-24917 HIGH
7.8 May 23

In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could

CVE-2025-24916 HIGH
7.0 May 23

When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions pr

Share

CVE-2024-9158 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy