Nessus Client 4.x < 4.2.0 QtWeb Path Subversion DLL Injection Local Code Execution

high Nessus Plugin ID 89028

Synopsis

The remote Nessus Client is affected by a local code execution vulnerability.

Description

According to its version, the installation of Tenable Nessus Client on the remote Windows host is version 4.x prior to 4.2.0. It is, therefore, affected by a local code execution vulnerability in the bundled version of QtWeb. QtWeb loads dynamic-link libraries using a fixed path to look for specific files or libraries. A local attacker can exploit this by placing a custom DLL file in the path, resulting in the execution of arbitrary code.

Solution

Upgrade to the current release of Nessus and uninstall the Nessus Client.

See Also

https://www.tenable.com/security/tns-2010-03

https://seclists.org/fulldisclosure/2010/Aug/386

https://seclists.org/bugtraq/2010/Oct/231

Plugin Details

Severity: High

ID: 89028

File Name: nessus_tns_2010_03.nbin

Version: 1.147

Type: local

Agent: windows

Family: Windows

Published: 2/29/2016

Updated: 5/3/2022

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.4

Temporal Score: 7.3

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:tenable:nessus

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Patch Publication Date: 11/30/2009

Vulnerability Publication Date: 8/29/2010

Reference Information

CVE: CVE-2010-5247

BID: 42828