Tenable

Nessus Agent

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2026-2026

  • EPSS 0.01%
  • Veröffentlicht 13.02.2026 16:14:23
  • Zuletzt bearbeitet 24.02.2026 20:26:42

A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.

8.8

CVE-2025-36640

  • EPSS 0.01%
  • Veröffentlicht 13.01.2026 15:15:58
  • Zuletzt bearbeitet 14.01.2026 16:26:00

A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges.

7.8

CVE-2025-36632

  • EPSS 0.02%
  • Veröffentlicht 16.06.2025 13:56:23
  • Zuletzt bearbeitet 21.10.2025 20:19:43

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.

7.8

CVE-2025-36631

Medienbericht
  • EPSS 0.03%
  • Veröffentlicht 13.06.2025 14:34:52
  • Zuletzt bearbeitet 23.10.2025 16:00:08

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.

7.8

CVE-2025-36633

Medienbericht
  • EPSS 0.02%
  • Veröffentlicht 13.06.2025 14:21:04
  • Zuletzt bearbeitet 23.10.2025 16:00:44

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation.

7.8

CVE-2025-24915

  • EPSS 0.02%
  • Veröffentlicht 21.03.2025 14:13:35
  • Zuletzt bearbeitet 21.03.2025 15:15:42

When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories.  This could allow for local privilege escalation if users had not secured the dire...

8.2

CVE-2024-3292

  • EPSS 0.04%
  • Veröffentlicht 17.05.2024 18:15:07
  • Zuletzt bearbeitet 21.11.2024 09:29:20

A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus Agent host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host. - CVE-2024-...

7.8

CVE-2024-3291

  • EPSS 0.04%
  • Veröffentlicht 17.05.2024 17:15:07
  • Zuletzt bearbeitet 21.11.2024 09:29:20

When installing Nessus Agent to a directory outside of the default location on a Windows host, Nessus Agent versions prior to 10.6.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had ...

7.8

CVE-2024-2390

  • EPSS 0.07%
  • Veröffentlicht 18.03.2024 16:15:09
  • Zuletzt bearbeitet 21.11.2024 09:09:39

As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific fi...

7.3

CVE-2023-5847

  • EPSS 0.05%
  • Veröffentlicht 01.11.2023 16:15:08
  • Zuletzt bearbeitet 21.11.2024 08:42:37

Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.