Tenable Nessus 6.8.x < 6.10.2 Arbitrary File Upload (TNS-2017-06)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

An application running on the remote Windows host is affected by an
arbitrary file upload vulnerability.

Description :

According to its self-reported version, the Tenable Nessus application
running on the remote host is 6.8.x, 6.9.x, or 6.10.x prior to 6.10.2.
It is, therefore, affected by an arbitrary file upload vulnerability
due to an unspecified flaw. An authenticated, remote attacker can
exploit this to upload a specially crafted file to an arbitrary system
location.

See also :

http://www.tenable.com/security/tns-2017-06

Solution :

Upgrade to Tenable Nessus version 6.10.2 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:L/Au:S/C:N/I:C/A:N)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 99440 ()

Bugtraq ID: 96418

CVE ID: CVE-2017-6543

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now