CVE-2023-5622 - OpenCVE

Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Tenable	Nessus Network Monitor

Configuration 1 [-]

cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:windows:*:*

References

Link	Resource
https://www.tenable.com/security/tns-2023-34	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: tenable

Published: 2023-10-26T16:18:16.410Z

Updated: 2024-06-24T12:51:02.378Z

Reserved: 2023-10-17T19:03:14.686Z

Link: CVE-2023-5622

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-26T17:15:09.773

Modified: 2023-11-07T18:04:15.357

Link: CVE-2023-5622

JSON object: View

Redhat Information

No data.

CWE

CWE-269

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5622", "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "state": "PUBLISHED", "assignerShortName": "tenable", "dateReserved": "2023-10-17T19:03:14.686Z", "datePublished": "2023-10-26T16:18:16.410Z", "dateUpdated": "2024-06-24T12:51:02.378Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "platforms": ["Windows"], "product": "Nessus Network Monitor", "vendor": "Tenable", "versions": [{"lessThan": "6.3.0", "status": "affected", "version": "0", "versionType": "6.3.0"}]}], "datePublic": "2023-10-25T19:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nUnder certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\\SYSTEM on Windows hosts by replacing a specially crafted file."}], "value": "\nUnder certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\\SYSTEM on Windows hosts by replacing a specially crafted file."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable", "dateUpdated": "2023-10-26T16:18:16.410Z"}, "references": [{"url": "https://www.tenable.com/security/tns-2023-34"}], "source": {"advisory": "TNS-2023-34", "discovery": "EXTERNAL"}, "title": "Privilege Escalation ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "tenable", "product": "nessus_network_monitor", "cpes": ["cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:windows:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "6.3.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-22T03:55:30.951388Z", "id": "CVE-2023-5622", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-24T12:51:02.378Z"}}]}}