[R1] Nessus Version 10.7.3 Fixes Multiple Vulnerabilities

Tenable Security Advisory

Arnie Cabral

Two separate vulnerabilities were discovered, reported and fixed:

  • When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. – CVE-2024-3289
  • A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host. – CVE-2024-3290
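
For the directory-permission issue (CVE-2024-3289), the following PowerShell audit is an added example, not Tenable's code. It lists every directory under a non-default install location where a principal other than SYSTEM, Administrators or TrustedInstaller holds write-type access. The `$InstallRoot` default is a placeholder path and the choice of trusted SIDs is an assumption to adjust for your environment.

```powershell
param(
    # Placeholder: the non-default directory Nessus was installed into.
    [string]$InstallRoot = 'D:\Tools\Nessus'
)

# Well-known SIDs assumed to legitimately hold write access:
# SYSTEM, BUILTIN\Administrators, NT SERVICE\TrustedInstaller.
$trusted = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

# Rights that let a principal plant, replace or re-permission files.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Raw GENERIC_WRITE and GENERIC_ALL bits can appear unmapped in an ACE.
$mask = [int]$writeRights -bor 0x40000000 -bor 0x10000000

$sidType     = [System.Security.Principal.SecurityIdentifier]
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# The install root itself plus every sub-directory beneath it.
$dirs = @(Get-Item -LiteralPath $InstallRoot) +
        @(Get-ChildItem -LiteralPath $InstallRoot -Directory -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($dir in $dirs) {
    $acl = Get-Acl -LiteralPath $dir.FullName
    # Ask for explicit and inherited rules, with identities returned as SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }           # ignore Deny ACEs
        if ($rule.PropagationFlags.HasFlag($inheritOnly)) { continue }  # ACE does not apply to this directory
        if ($trusted -contains $rule.IdentityReference.Value) { continue }
        if (([int]$rule.FileSystemRights -band $mask) -eq 0) { continue }
        [pscustomobject]@{
            Directory = $dir.FullName
            Sid       = $rule.IdentityReference.Value
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

$findings | Format-Table -AutoSize
```

An empty result means no untrusted principal can write to the install tree. Any row naming a broad group such as `S-1-5-32-545` (Users) or `S-1-5-11` (Authenticated Users) marks a directory to secure.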
