Read Time:30 Second

[R1] Nessus Version 8.15.6 Fixes Multiple Vulnerabilities
Arnie Cabral
Tue, 08/09/2022 – 19:14

Two separate vulnerabilities that utilize the Audit functionality in Nessus were discovered, reported and fixed.

1. CVE-2022-32973 – An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.

2. CVE-2022-32974 – An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.

Nessus version 8.15.6 fixes the reported Audit function vulnerabilities.

Read More

More Stories