CVE-2021-20100
Description
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20099.
Risk Information
Base Score
6.7
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.063
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-20099,CVE-2021-20100 are affected in Nessus Agent (x64) 8.2.4 | Windows |
| Vulnerabilities CVE-2021-20099,CVE-2021-20100 are affected in Nessus Agent 8.2.4 | Windows |
| Vulnerabilities CVE-2021-20099,CVE-2021-20100 are fixed in Nessus Agent (8.2.5.20051) | Windows |
| Vulnerabilities CVE-2021-20099,CVE-2021-20100 are fixed in Nessus Agent (x64) (8.2.5.20051) | Windows |
| Vulnerabilities CVE-2018-20843,CVE-2019-15903,CVE-2019-16168,CVE-2021-20099,CVE-2021-20100 are fixed in Nessus 8.15.0 | Windows |
| Vulnerabilities CVE-2018-20843,CVE-2019-15903,CVE-2019-16168,CVE-2021-20099,CVE-2021-20100 are fixed in Tenable Nessus 8.15.0 | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-343100 | Nessus Agent (x64) (10.8.0) |
| PATCH-343099 | Nessus Agent (10.8.0) |
| PATCH-337447 | Nessus Agent (10.6.1) |
| PATCH-337448 | Nessus Agent (x64) (10.6.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234