{"containers": {"cna": {"affected": [{"product": "Nessus", "vendor": "n/a", "versions": [{"status": "affected", "version": "Nessus 8.15.2 and earlier"}]}], "descriptions": [{"lang": "en", "value": "Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has included a fix for this issue in Nessus 10.0.0. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/nessus)."}], "problemTypes": [{"descriptions": [{"description": "local privilege escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-11-02T23:24:28.000Z", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/tns-2021-18"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2021-20135", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Nessus", "version": {"version_data": [{"version_value": "Nessus 8.15.2 and earlier"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has included a fix for this issue in Nessus 10.0.0. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/nessus)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "local privilege escalation"}]}]}, "references": {"reference_data": [{"name": "https://www.tenable.com/security/tns-2021-18", "refsource": "MISC", "url": "https://www.tenable.com/security/tns-2021-18"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:30:07.575Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tenable.com/security/tns-2021-18"}]}]}, "cveMetadata": {"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2021-20135", "datePublished": "2021-11-02T23:24:28.000Z", "dateReserved": "2020-12-17T00:00:00.000Z", "dateUpdated": "2024-08-03T17:30:07.575Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", "matchCriteriaId": "900022D2-EEAC-4F91-9458-FFCF19255C20", "versionEndIncluding": "8.15.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has included a fix for this issue in Nessus 10.0.0. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/nessus)."}, {"lang": "es", "value": "Se ha detectado que Nessus versiones 8.15.2 y anteriores, contienen una vulnerabilidad de escalada de privilegios local que podr\u00eda permitir a un administrador local autenticado ejecutar determinados ejecutables en el host del Agente Nessus. Tenable ha incluido una correcci\u00f3n para este problema en Nessus versi\u00f3n 10.0.0. Los archivos de instalaci\u00f3n pueden obtenerse en el portal de descargas de Tenable (https://www.tenable.com/downloads/nessus)"}], "id": "CVE-2021-20135", "lastModified": "2024-11-21T05:45:59.413", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-11-03T00:15:07.620", "references": [{"source": "vulnreport@tenable.com", "tags": ["Vendor Advisory"], "url": "https://www.tenable.com/security/tns-2021-18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.tenable.com/security/tns-2021-18"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}