Primary

Context

Tenable Agent Code Execution Vulnerability with SYSTEM Privileges on Windows

Vulnerability

Patched

A vulnerability in Tenable Agent for Windows, affecting versions prior to 10.8.5, allows non-administrative users to execute code with SYSTEM privileges. This issue could lead to unauthorized access or modifications at a high privilege level, potentially allowing for further exploitation or damage.

Impact

Exploitation of this vulnerability allows for arbitrary code execution with SYSTEM privileges, enabling a non-administrative user to perform actions or access resources that are typically restricted.

Remediation

Users can upgrade to Tenable Agent version 10.8.5 to address this vulnerability. The installation files are available from the Tenable Downloads Portal.

Added: Jun 16, 2025, 2:18 PM

Updated: Jun 16, 2025, 2:18 PM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

10.0

exploitability

3.3

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

10.0

exploitability

3.3

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenable Agent Code Execution Vulnerability with SYSTEM Privileges on Windows

Vulnerability

Impact

Remediation

Affected Products

Tenable Agent

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating