Skip to main content

Nessus Agent

11 CVEs product

Monthly

CVE-2026-2026 MEDIUM This Month

Nessus Agent on Windows systems contains improper file permission controls that allow local authenticated users to trigger denial of service attacks against the agent process. The vulnerability requires local access with standard user privileges and could disrupt security monitoring capabilities on affected hosts. No patch is currently available for this issue.

Windows Denial Of Service Nessus Agent
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-36632 HIGH PATCH This Week

Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows a non-administrative local user to execute arbitrary code with SYSTEM-level privileges. This is a local privilege escalation (LPE) vulnerability with high severity (CVSS 7.8) requiring only local access and low complexity exploitation. The vulnerability represents a critical risk in multi-user Windows environments where standard users could gain complete system control.

Microsoft Information Disclosure Nessus Agent Windows
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-36633 HIGH PATCH This Week

Local privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-administrative users to arbitrarily delete system files with SYSTEM privileges. This vulnerability has a CVSS score of 8.8 (High) and could enable local attackers to compromise system integrity and gain elevated privileges. The attack requires local access but no user interaction, making it a significant risk for multi-user Windows systems running vulnerable Tenable Agent versions.

Microsoft Privilege Escalation Nessus Agent Windows
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-36631 HIGH PATCH This Week

Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-administrative users to overwrite arbitrary system files with log content while executing at SYSTEM privilege level. This vulnerability enables local attackers without admin rights to achieve arbitrary file write operations with elevated privileges, potentially leading to system compromise. The vulnerability has a CVSS score of 8.4 (High) and affects Windows deployments; patch availability exists in version 10.8.5 and later.

Microsoft Information Disclosure Nessus Agent Windows
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2023-5847 HIGH This Week

Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Nessus Nessus Agent
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2021-20118 MEDIUM PATCH This Month

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Nessus Agent
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-20117 MEDIUM PATCH This Month

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Nessus Agent
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-3450 Cargo HIGH PATCH This Week

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Authentication Bypass Freebsd Santricity Smi S Provider Firmware Storagegrid Firmware +29
NVD
CVSS 3.1
7.4
EPSS
18.3%
CVE-2021-20077 MEDIUM PATCH This Month

Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Information Disclosure Nessus Agent
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-5793 HIGH This Week

A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Nessus Nessus Agent
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-16168 MEDIUM PATCH This Month

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Sqlite Active Iq Unified Manager E Series Santricity Os Controller Oncommand Insight +16
NVD VulDB
CVSS 3.1
6.5
EPSS
0.8%
EPSS 0% CVSS 6.1
MEDIUM This Month

Nessus Agent on Windows systems contains improper file permission controls that allow local authenticated users to trigger denial of service attacks against the agent process. The vulnerability requires local access with standard user privileges and could disrupt security monitoring capabilities on affected hosts. No patch is currently available for this issue.

Windows Denial Of Service Nessus Agent
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows a non-administrative local user to execute arbitrary code with SYSTEM-level privileges. This is a local privilege escalation (LPE) vulnerability with high severity (CVSS 7.8) requiring only local access and low complexity exploitation. The vulnerability represents a critical risk in multi-user Windows environments where standard users could gain complete system control.

Microsoft Information Disclosure Nessus Agent +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-administrative users to arbitrarily delete system files with SYSTEM privileges. This vulnerability has a CVSS score of 8.8 (High) and could enable local attackers to compromise system integrity and gain elevated privileges. The attack requires local access but no user interaction, making it a significant risk for multi-user Windows systems running vulnerable Tenable Agent versions.

Microsoft Privilege Escalation Nessus Agent +1
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-administrative users to overwrite arbitrary system files with log content while executing at SYSTEM privilege level. This vulnerability enables local attackers without admin rights to achieve arbitrary file write operations with elevated privileges, potentially leading to system compromise. The vulnerability has a CVSS score of 8.4 (High) and affects Windows deployments; patch availability exists in version 10.8.5 and later.

Microsoft Information Disclosure Nessus Agent +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Nessus +1
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Nessus Agent
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Nessus Agent
NVD
EPSS 18% CVSS 7.4
HIGH PATCH This Week

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Authentication Bypass Freebsd +31
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Information Disclosure Nessus Agent
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Nessus +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Sqlite Active Iq Unified Manager +18
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy