Denial of service in Tenable Nessus
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-6062 |
| CWE-ID | CWE-434 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Tenable Nessus Client/Desktop applications / Software for system administration |
| Vendor | Tenable Network Security |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Arbitrary file upload
EUVDB-ID: #VU83307
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-6062
CWE-ID:
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of file during file upload. A remote user with administrative privileges can alter Nessus Rules variables and overwrite arbitrary files on the remote host, leading to denial of service.
Install updates from vendor's website.
Vulnerable software versionsTenable Nessus: 10.5.0 - 10.6.2
CPE2.3- cpe:2.3:a:tenable_network_security:tenable_nessus:10.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:tenable_network_security:tenable_nessus:10.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:tenable_network_security:tenable_nessus:10.5.2:*:*:*:*:*:*:*
https://www.tenable.com/security/tns-2023-39
https://www.tenable.com/security/tns-2023-40
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
