CVE-2023-0524

EPSS 0.14%
Veröffentlicht 01.02.2023 03:15:08
Zuletzt bearbeitet 27.03.2025 15:15:42
Quelle vulnreport@tenable.com
Teams Watchlist Login
Unerledigt Login

As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers’ environments and our products. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202212212055.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tenable ≫ Nessus Version-

Tenable ≫ Tenable.Io Version-

Tenable ≫ Tenable.Sc Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.306

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://www.tenable.com/security/tns-2023-04

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-0524

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0524

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0524

EUVD