CVE-2020-5793

Summary

A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability.

Affected Software

VendorProductVersion RangeStatus
n/aTenable Nessus for Windows and Tenable Nessus Agent for WindowsNessus Agent 8.0.0 and 8.1.0 / Nessus 8.9.0 through Nessus 8.12.0affected

Weaknesses

  • Local Privilege Escalation

ADP Enrichment

CVE Program Container

Additional References

References