CVE-2023-5847 MEDIUM

CVE-2023-5847

Vendor Tenable

Product Nessus

Weakness CWE-269

Published November 1, 2023

Last update September 5, 2024

View on NVD All CVEs

CVSS base score

6.7/10

Attack vector Local

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.

Key dates

02Disclosure timeline

November 1, 2023 CVE published

September 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-5847 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/269.html

Related vulnerabilities

04Related CVE

CVE-2017-20072 Hindu Matrimonial Script generalsettings.php privileges management CVE-2025-4601 RH - Real Estate WordPress Theme <= 4.4.0 - Authenticated (Subscriber+) Privilege Escalation CVE-2026-8176 LatePoint <= 5.5.1 - Authenticated (Agent+) Privilege Escalation to Administrator via IDOR in OsOrdersController::create_or_update + Unauthenticated Customer-Cabinet Password Reset CVE-2024-41666 The Argo CD web terminal session does not handle the revocation of user permissions properly. CVE-2025-3278 UrbanGo Membership <= 1.0.4 - Unauthenticated Privilege Escalation

Identifiers

CVE CVE-2023-5847

CWE CWE-269

CVSS 6.7 / MEDIUM

Affected versions

Vendor Tenable

Product Nessus

Affected < 10.6.2

Vendor Tenable

Product Nessus Agent

Affected < 10.4.3