Tenable Nessus < 7.0.3 Sub-directory Missing Secure Permission Local Privilege Escalation (TNS-2018-01)
Medium Nessus Plugin ID 108689
SynopsisAn application running on the remote host is affected by a local privilege escalation vulnerability.
DescriptionAccording to its self-reported version, the Tenable Nessus application running on the remote host is prior to 7.0.3. It is, therefore, affected by a local privilege escalation vulnerability due to the program failing to enforce secure permissions for sub-directories when a directory is installed outside of the default location.
This plugin is only checking the remote version and has not checked for installation location.
SolutionUpgrade to Tenable Nessus version 7.0.3 or later.