Primary

Context

Tenable Nessus Agent Local Privilege Escalation Vulnerability

Vulnerability

Patched

A local privilege escalation vulnerability exists in Tenable Nessus Agent for Windows, specifically in versions prior to 10.8.3. When installed in a non-default location, these versions failed to apply secure permissions to sub-directories. This oversight could allow users to escalate privileges locally, provided they had not already secured the directories in the chosen installation path.

Impact

Exploitation of this vulnerability could lead to unauthorized local privilege escalation on the affected Windows host.

Remediation

Users can upgrade to Tenable Nessus Agent version 10.8.3, which addresses this vulnerability. The updated version is available for download from the Tenable Downloads Portal.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

7.5

exploitability

3.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

7.5

exploitability

3.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenable Nessus Agent Local Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Tenable Nessus Agent

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating