Read Time:30 Second
[R1] Nessus Version 8.15.6 Fixes Multiple Vulnerabilities
Arnie Cabral
Tue, 08/09/2022 – 19:14
Two separate vulnerabilities that utilize the Audit functionality in Nessus were discovered, reported and fixed.
1. CVE-2022-32973 – An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.
2. CVE-2022-32974 – An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.
Nessus version 8.15.6 fixes the reported Audit function vulnerabilities.