Vulnerability Details : CVE-2023-0524
As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers' environments and our products. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202212212055.
Vulnerability category: Gain privilege
Products affected by CVE-2023-0524
- cpe:2.3:a:tenable:nessus:-:*:*:*:*:*:*:*
- cpe:2.3:a:tenable:tenable.sc:-:*:*:*:*:*:*:*
- cpe:2.3:a:tenable:tenable.io:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-0524
- 0.10%: Probability of exploitation activity in the next 30 days
- ~ 43 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-0524
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
References for CVE-2023-0524
- https://www.tenable.com/security/tns-2023-04
  [R1] Tenable Plugin Feed ID #202212212055 Fixes Privilege Escalation Vulnerability - Security Advisory | Tenable® (Vendor Advisory)