Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token.
References
Link | Resource |
---|---|
https://www.tenable.com/security/tns-2021-04-0 | Patch Vendor Advisory |
https://www.tenable.com/security/tns-2021-07 | Not Applicable Vendor Advisory |
Configurations
History
28 Oct 2022, 14:28
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://www.tenable.com/security/tns-2021-07 - Not Applicable, Vendor Advisory |
23 Sep 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token. |
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo |
05 Jun 2022, 02:53
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 6.7 |
References |
|
|
References | (CONFIRM) https://www.tenable.com/security/tns-2021-07 - Patch, Vendor Advisory |
08 Apr 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host. |
06 Apr 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Mar 2021, 14:01
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.tenable.com/security/tns-2021-04-0 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
CPE | cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:* | |
CWE | CWE-732 | |
References | (MISC) https://www.tenable.com/security/tns-2021-04-0 - Third Party Advisory | |
CWE | CWE-732 | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
CPE | cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.tenable.com/security/tns-2021-04-0 - Third Party Advisory | |
CPE | cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.tenable.com/security/tns-2021-04-0 - Third Party Advisory | |
CWE | CWE-732 | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
References | (MISC) https://www.tenable.com/security/tns-2021-04-0 - Third Party Advisory | |
CPE | cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
CWE | CWE-732 | |
CPE | cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:* | |
CWE | CWE-732 | |
CPE | cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:* | |
CWE | CWE-732 | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
CWE | CWE-732 | |
References | (MISC) https://www.tenable.com/security/tns-2021-04-0 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
CWE | CWE-732 | |
CPE | cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.tenable.com/security/tns-2021-04-0 - Third Party Advisory | |
CPE | cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
References | (MISC) https://www.tenable.com/security/tns-2021-04-0 - Third Party Advisory | |
CWE | CWE-732 | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
References | (MISC) https://www.tenable.com/security/tns-2021-04-0 - Third Party Advisory | |
CPE | cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:* | |
CWE | CWE-732 | |
CPE | cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:* | |
CPE | cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
CWE | CWE-732 | |
CPE | cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.tenable.com/security/tns-2021-04-0 - Third Party Advisory | |
CWE | CWE-732 | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
CWE | CWE-732 | |
CPE | cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
References | (MISC) https://www.tenable.com/security/tns-2021-04-0 - Third Party Advisory | |
CWE | CWE-732 | |
CPE | cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.tenable.com/security/tns-2021-04-0 - Third Party Advisory | |
References | (MISC) https://www.tenable.com/security/tns-2021-04-0 - Third Party Advisory | |
CWE | CWE-732 | |
CPE | cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.tenable.com/security/tns-2021-04-0 - Third Party Advisory | |
References | (MISC) https://www.tenable.com/security/tns-2021-04-0 - Third Party Advisory | |
CPE | cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:* | |
CWE | CWE-732 | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
CWE | CWE-732 | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
References | (MISC) https://www.tenable.com/security/tns-2021-04-0 - Third Party Advisory | |
CPE | cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.tenable.com/security/tns-2021-04-0 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
19 Mar 2021, 19:26
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CWE | ||
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CPE | ||
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CPE | ||
New CVE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CWE | ||
CPE | ||
CWE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CPE | ||
CWE | ||
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CPE | ||
CWE | ||
CWE | ||
CWE |
Information
Published : 2021-03-19 19:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-20077
Mitre link : CVE-2021-20077
CVE.ORG link : CVE-2021-20077
JSON object : View
Products Affected
tenable
- nessus_agent
CWE