Vulnerability CVE-2018-1141
Published: 2018-03-20

Description:
When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location.

Type:

CWE-732

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.4/10
6.4/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Tenable -> Nessus 

 References:
http://www.securitytracker.com/id/1040557
https://www.tenable.com/security/tns-2018-01
Copyright 2024, cxsecurity.com

 

Back to Top