CVE-2022-32974

Description

An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.

Risk Information

Base Score: 6.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 0.328

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2022-32973, CVE-2022-32974 are affected in Nessus Agent (x64) 10.1.9 | Windows
Vulnerabilities CVE-2022-32973, CVE-2022-32974, CVE-2022-33757, CVE-2023-0101 are affected in Nessus Agent (x64) 8.15.3 | Windows
Vulnerabilities CVE-2022-32973, CVE-2022-32974 are affected in Nessus Agent 10.1.9 | Windows
Vulnerabilities CVE-2022-32973, CVE-2022-32974, CVE-2022-33757, CVE-2023-0101 are affected in Nessus Agent 8.15.3 | Windows
Vulnerabilities CVE-2022-32973, CVE-2022-32974 are fixed in Nessus Agent 8.3.4 | Windows
Vulnerabilities CVE-2022-32973, CVE-2022-32974 are fixed in Nessus Agent (10.1.4.20122) | Windows
Vulnerabilities CVE-2022-32973, CVE-2022-32974 are fixed in Nessus Agent (x64) (10.1.4.20122) | Windows
Vulnerabilities CVE-2022-32974, CVE-2022-32973 are fixed in Nessus 8.15.6 | Windows
Multiple vulnerabilities are fixed in Nessus Agent (x64) (10.2.0.20130) | Windows
Multiple vulnerabilities are fixed in Nessus Agent (10.2.0.20130) | Windows
Vulnerabilities CVE-2022-32974, CVE-2022-32973 are fixed in Tenable Nessus 8.15.6 | Windows
Multiple vulnerabilities are fixed in Tenable Nessus 10.2.0 | Windows

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-343100 | Nessus Agent (x64) (10.8.0)
PATCH-343099 | Nessus Agent (10.8.0)
PATCH-337447 | Nessus Agent (10.6.1)
PATCH-337448 | Nessus Agent (x64) (10.6.1)
PATCH-346982 | Nessus Agent (x64) (10.8.4) (Manual Upload Required)
PATCH-346981 | Nessus Agent (10.8.4) (Manual Upload Required)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234