Nessus Vulnerability Let Attackers Alter Rules Variables

by Esmeralda McKenzie

An arbitrary file write vulnerability has been discovered in Nessus, which enables an authenticated, remote attacker to cause a denial of service condition on affected installations. This vulnerability has been assigned CVE-2023-6062, and a severity rating was added.

Nessus has released patches to fix this vulnerability and has urged its users to apply them accordingly.


CVE-2023-6062: Arbitrary File Write Vulnerability in Nessus

This vulnerability enables an authenticated, remote attacker with administrative privileges on a Nessus application to alter Nessus Rules variables and overwrite arbitrary files on the remote host, which could lead to denial of service conditions.

Ammarit Thongthua and Sarun Pornjarungsak of the Receive D Overview Group reported this vulnerability. The severity rating for this vulnerability is 6.8 (Medium).

There is no evidence of this vulnerability being exploited by threat actors in the wild, nor has a publicly available exploit been found.

According to Nessus, Tenable first reported this vulnerability on 26th October, and it was confirmed to be valid on 30th October 2023. CVE-2023-6062 was requested, and the score was calculated on 09-11-2023. Nessus acted swiftly upon this report and patched this vulnerability on 16th November 2023.

Nessus products affected by this vulnerability include all Nessus 10.5.6 and earlier installations. To fix this vulnerability, users are advised to upgrade to version 10.5.7 or later versions (10.6.3) to prevent this vulnerability from being exploited by threat actors.

Source credit : cybersecuritynews.com
