CVE-2022-4313

Summary

A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets.

Affected Software

VendorProductVersion RangeStatus
n/aTenable.io, Tenable.sc and NessusPlugin Feed Version 202212081951 and earlieraffected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References