- 44/2024
- Medium
Tenable has released a security update to fix several vulnerabilities in Nessus with stable version 10.7.0.
The addressed vulnerabilities could allow the authenticated remote attacker to conduct cross-site scripting attacks, execute arbitrary scripts, scan DB content, manipulate data, and view, add, modify, or delete information on the affected
system.
The addressed vulnerabilities:
1. Tenable Nessus SQL Injection Vulnerability (CVE-2024-0971):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Data Manipulation
2. Tenable Nessus Stored XSS Vulnerability (CVE-2024-0955):
- CVSS: 4.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Required
- Consequences: Cross-Site Scripting
Vulnerabilities
- CVE-2024-0955
- CVE-2024-0971
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.