CVE-2023-2005

Tenable Plugin Feed ID #202306261202 Fixes Privilege Escalation Vulnerability

Description

Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 . This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

Remediation

Solution:

The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202306261202.

References

Link	Tags
https://www.tenable.com/security/tns-2023-21	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2023-2005?: CVE-2023-2005 has been scored as a medium severity vulnerability.
How to fix CVE-2023-2005?: To fix CVE-2023-2005: The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202306261202.
Is CVE-2023-2005 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-2005 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-2005?: CVE-2023-2005 affects Tenable Tenable.io, Tenable Nessus, Tenable Security Center.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Remediation

Category

CWE-427 – Uncontrolled Search Path Element

References

Frequently Asked Questions