CVE-2024-2390 HIGH

CVE-2024-2390: Local Privilege Escalation

Vendor Tenable

Product Nessus Agent

Weakness CWE-269

Published March 18, 2024

Last update August 21, 2024

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

Key dates

02Disclosure timeline

March 18, 2024 CVE published

August 21, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-2390 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/269.html

Related vulnerabilities

Identifiers

CVE CVE-2024-2390

CWE CWE-269

CVSS 7.8 / HIGH

Affected versions

Vendor Tenable

Product Nessus Agent

Affected < #202403142053

Vendor Tenable

Product Nessus

Affected < #202403142053

CVE-2024-2390: Local Privilege Escalation

01Description

02Disclosure timeline

03References

04Related CVE