- 186/2022
- High
Tenable Nessus has released an updated version (Nessus 8.15.6) to fix multiple vulnerabilities. The remote attacker could exploit these vulnerabilities to execute commands with administrator privileges and read arbitrary files without providing any valid SSH credentials.
The most severe of the addressed vulnerability could allow the remote attacker to trick the victim to open a specially-crafted audit file that bypasses PowerShell cmdlet checks and executes arbitrary commands with administrator privileges on the affected system.
Sample of the addressed vulnerabilities:
Tenable Nessus Command Execution Vulnerability (CVE-2022-32973):
- CVSS: 8.4
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Required
- Consequences: Gain Access
Vulnerabilities
- CVE-2022-32973
- CVE-2022-32974
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.
https://www.tenable.com/security/tns-2022-16