Tenable Nessus Agent 6.10.x < 6.10.5 Multiple Vulnerabilities (TNS-2017-10)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote Windows host is affected
by multiple vulnerabilities.

Description :

The version of Nessus Agent installed on the remote Windows host is
6.10.x prior to 6.10.5. It is, therefore, affected by the following
vulnerabilities :

- A denial of service vulnerability exists in the agent
mode functionality due to insecure permissions. An
authenticated, remote attacker can exploit this, via a
specially crafted sequence of events, to prevent the
agent from conducting scans. (CVE-2017-7849)

- A local privilege escalation vulnerability exists in the
agent mode functionality due to insecure permissions. A
local attacker can exploit this, via a specially crafted
sequence of events, to gain elevated privileges.
(CVE-2017-7850)

See also :

http://www.tenable.com/security/tns-2017-10

Solution :

Upgrade to Tenable Nessus Agent version 6.10.5 or later.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 100573

Bugtraq ID: 97951, 97952

CVE ID: CVE-2017-7849, CVE-2017-7850
