CVE-2023-0524

EPSS 0.14%
Published 01.02.2023 03:15:08
Last modified 27.03.2025 15:15:42
Source vulnreport@tenable.com
Teams watchlist Login
Open Login

As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers’ environments and our products. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202212212055.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Tenable ≫ Nessus Version-

Tenable ≫ Tenable.Io Version-

Tenable ≫ Tenable.Sc Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.306

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://www.tenable.com/security/tns-2023-04

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-0524

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0524

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0524

EUVD