Platform
other
Component
nessus-agent-plugin
Fixed in
#202403142053
#202403142053
CVE-2024-2390 describes a Privilege Escalation vulnerability discovered within the Nessus Agent Plugin. This flaw allows a malicious actor with sufficient permissions on a scan target to potentially escalate their privileges by placing a binary in a specific filesystem location and exploiting the plugin. The vulnerability affects versions 0–#202403142053, and a patch is available in version #202403142053.
Successful exploitation of CVE-2024-2390 could grant an attacker elevated privileges on the targeted system. This could allow them to bypass security controls, access sensitive data, install malware, or even gain complete control of the system. The specific impact depends on the permissions the attacker already possesses and the capabilities of the binary they place. This vulnerability highlights the importance of securing scan targets and ensuring that only trusted binaries are present on those systems. The ability to escalate privileges within a scanning environment could also be leveraged to compromise other systems within the network.
CVE-2024-2390 was disclosed publicly on March 18, 2024. The vulnerability was reported through Tenable’s vulnerability disclosure program. Currently, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation, but the potential for privilege escalation suggests a potential for exploitation. Monitor security advisories and threat intelligence feeds for any updates regarding active exploitation campaigns.
Exploit Status
EPSS
0.07% (22% percentile)
CVSS Vector
The primary mitigation for CVE-2024-2390 is to upgrade the Nessus Agent Plugin to version #202403142053 or later. This patched version addresses the vulnerability by preventing the malicious placement and exploitation of binaries. Prior to upgrading, assess the potential impact on existing scans and ensure compatibility with the Nessus scanner. If an immediate upgrade is not feasible, consider restricting file system access on scan targets to prevent unauthorized binary placement. Regularly review file system permissions and audit logs for suspicious activity.
Actualice el Nessus Agent a la versión #202403142053 o posterior. Esta actualización corrige la vulnerabilidad de escalada de privilegios. Consulte el aviso de seguridad de Tenable para obtener más detalles.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-2390 is a vulnerability in the Nessus Agent Plugin that allows an attacker to escalate privileges by placing a malicious binary. It has a HIGH severity rating and affects versions 0–#202403142053.
You are affected if you are using Nessus Agent Plugin versions 0–#202403142053. Check your version and upgrade immediately if vulnerable.
Upgrade to version #202403142053 or later to remediate the vulnerability. Ensure compatibility before upgrading.
Currently, there are no publicly available proof-of-concept exploits, but the potential for privilege escalation warrants caution.
Refer to the official Tenable security advisory for detailed information and updates: [https://www.tenable.com/security/research/advisories/CVE-2024-2390](https://www.tenable.com/security/research/advisories/CVE-2024-2390)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.