[R1] Nessus Agent Version 10.6.4 Fixes Multiple Vulnerabilities

Tenable Security Advisory

Arnie Cabral

Two separate vulnerabilities were discovered, reported and fixed:

  • When installing Nessus Agent to a directory outside of the default location on a Windows host, Nessus Agent versions prior to 10.6.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. – CVE-2024-3291
  • A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus Agent host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host. – CVE-2024-3292
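
For hosts where the agent was installed outside the default location (the CVE-2024-3291 case), the following added example, which is not Tenable's code, lists directories under the install root that broad low-privileged groups can write to. The function name and the install path in the usage comment are assumptions made for illustration.

```powershell
# Added example (not from the advisory): report ACEs that let broad,
# low-privileged groups modify a non-default Nessus Agent install tree.
function Get-WeakDirectoryAce {
    param(
        [Parameter(Mandatory)] [string] $InstallRoot
    )
    if (-not (Test-Path -LiteralPath $InstallRoot -PathType Container)) {
        throw "Install root not found: $InstallRoot"
    }

    # Rights that allow planting, replacing or re-permissioning content.
    $named = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # Also catch raw GENERIC_ALL / GENERIC_WRITE bits, which are not enum members.
    $writeMask = [int]$named -bor 0x10000000 -bor 0x40000000

    # Well-known SIDs, so the check also works on localized Windows builds.
    $broadSids = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
        'S-1-5-4'      = 'INTERACTIVE'
    }

    $dirs = @(Get-Item -LiteralPath $InstallRoot -Force) +
            @(Get-ChildItem -LiteralPath $InstallRoot -Directory -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($dir in $dirs) {
        $acl = Get-Acl -LiteralPath $dir.FullName
        # Explicit and inherited ACEs, with identities translated to SIDs.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $sid = $ace.IdentityReference.Value
            if (-not $broadSids.ContainsKey($sid)) { continue }
            if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
            [pscustomobject]@{
                Directory = $dir.FullName
                Principal = $broadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Usage (the path is a constructed placeholder for a non-default install location):
# Get-WeakDirectoryAce -InstallRoot 'D:\Tools\NessusAgent' | Format-Table -AutoSize
```

No output means none of the listed groups holds a write-type right on the install root or its sub-directories.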
