Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token.
References
Link | Resource |
---|---|
https://www.tenable.com/security/tns-2021-04-0 | Patch Vendor Advisory |
https://www.tenable.com/security/tns-2021-07 | Not Applicable Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: tenable
Published: 2021-03-19T18:46:43
Updated: 2022-09-23T13:48:31
Reserved: 2020-12-17T00:00:00
Link: CVE-2021-20077
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-03-19T19:15:13.497
Modified: 2022-10-28T14:28:52.420
Link: CVE-2021-20077
JSON object: View
Redhat Information
No data.
CWE