Two separate vulnerabilities that utilize the Audit functionality in Nessus were discovered, reported and fixed.
1. CVE-2022-32973 – An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.
2. CVE-2022-32974 – An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.
Nessus version 8.15.6 fixes the reported Audit function vulnerabilities.
Update to upstream 2.1-37. 20220809
Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x100015d
up to 0x100015e;
Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode from
revision 0x2006d05 up to 0x2006e05;
Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd000363
up to 0xd000375;
Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x3a up
to 0x3c;
Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x1e up
to 0x20;
Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xb0
up to 0xb2;
Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x26 up
to 0x28;
Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x3e up
to 0x40;
Update of 06-97-02/0x03 (ADL-HX/S 8+8 C0) microcode from revision
0x1f up to 0x22;
Update of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-97-02) from revision 0x1f up to 0x22;
Update of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x1f up to 0x22;
Update of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x1f up to 0x22;
Update of 06-97-02/0x03 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-97-05) from revision 0x1f up to 0x22;
Update of 06-97-05/0x03 (ADL-S 6+0 K0) microcode from revision 0x1f
up to 0x22;
Update of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x1f up to 0x22;
Update of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x1f up to 0x22;
Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision
0x41c up to 0x421;
Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in
intel-ucode/06-9a-03) from revision 0x41c up to 0x421;
Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in
intel-ucode/06-9a-04) from revision 0x41c up to 0x421;
Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x41c
up to 0x421;
Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x53 up
to 0x54;
Update of 06-97-02/0x03 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-02) from revision 0x1f up to 0x22;
Update of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-02) from revision 0x1f up to 0x22;
Update of 06-bf-02/0x03 (ADL C0) microcode from revision 0x1f up
to 0x22;
Update of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-bf-02)
from revision 0x1f up to 0x22;
Update of 06-97-02/0x03 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-05) from revision 0x1f up to 0x22;
Update of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-05) from revision 0x1f up to 0x22;
Update of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-bf-05)
from revision 0x1f up to 0x22;
Update of 06-bf-05/0x03 (ADL C0) microcode from revision 0x1f up
to 0x22.
Addresses CVE-2022-21233
Update to upstream 2.1-37. 20220809
Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x100015d
up to 0x100015e;
Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode from
revision 0x2006d05 up to 0x2006e05;
Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd000363
up to 0xd000375;
Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x3a up
to 0x3c;
Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x1e up
to 0x20;
Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xb0
up to 0xb2;
Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x26 up
to 0x28;
Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x3e up
to 0x40;
Update of 06-97-02/0x03 (ADL-HX/S 8+8 C0) microcode from revision
0x1f up to 0x22;
Update of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-97-02) from revision 0x1f up to 0x22;
Update of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x1f up to 0x22;
Update of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x1f up to 0x22;
Update of 06-97-02/0x03 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-97-05) from revision 0x1f up to 0x22;
Update of 06-97-05/0x03 (ADL-S 6+0 K0) microcode from revision 0x1f
up to 0x22;
Update of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x1f up to 0x22;
Update of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x1f up to 0x22;
Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision
0x41c up to 0x421;
Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in
intel-ucode/06-9a-03) from revision 0x41c up to 0x421;
Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in
intel-ucode/06-9a-04) from revision 0x41c up to 0x421;
Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x41c
up to 0x421;
Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x53 up
to 0x54;
Update of 06-97-02/0x03 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-02) from revision 0x1f up to 0x22;
Update of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-02) from revision 0x1f up to 0x22;
Update of 06-bf-02/0x03 (ADL C0) microcode from revision 0x1f up
to 0x22;
Update of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-bf-02)
from revision 0x1f up to 0x22;
Update of 06-97-02/0x03 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-05) from revision 0x1f up to 0x22;
Update of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-05) from revision 0x1f up to 0x22;
Update of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-bf-05)
from revision 0x1f up to 0x22;
Update of 06-bf-05/0x03 (ADL C0) microcode from revision 0x1f up
to 0x22.
Addresses CVE-2022-21233