Priv Esc via Nessus Plugin CVE-2024-2390
CVE-2024-2390 Published on March 18, 2024

As a part of Tenables vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

NVD

Vulnerability Analysis

CVE-2024-2390 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

Improper Privilege Management

The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.


Products Associated with CVE-2024-2390

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-2390 are published in Tenable Nessus:

Tenable Nessus
 

Affected Versions

Tenable Nessus Agent: Tenable Nessus: tenable nessus_agent: tenable nessus:

Exploit Probability

EPSS
0.07%
Percentile
21.38%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.