Executive Summary

This vulnerability affects the installation and uninstallation process of the Nessus Agent Tray App on Windows hosts. It allows an attacker with local access and low privileges to escalate their privileges, potentially gaining higher-level access on the affected system. The issue exists in Nessus Agent versions prior to 10.9.3 and versions 11.0.0 through 11.0.2. [1]

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can lead to privilege escalation on Windows hosts running the affected Nessus Agent Tray App versions. This means an attacker with limited access could gain elevated privileges, potentially compromising the confidentiality, integrity, and availability of the system and its data. [1]

Useful 0 Not Useful 0

Detection Guidance

Detection can be performed by identifying Nessus Agent versions installed on Windows hosts. Specifically, check if the version is prior to 10.9.3 or between 11.0.0 and 11.0.2, which are vulnerable. Commands to check the installed Nessus Agent version on Windows include: 1) Using PowerShell: Get-ItemProperty 'HKLM:\Software\Tenable\Nessus Agent' | Select-Object -ExpandProperty Version 2) Using Command Prompt: sc qc "NessusAgent" and check the version information. If the version matches the vulnerable range, the system is affected. [1]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade the Nessus Agent on all affected Windows hosts to version 10.9.3 or later, or to version 11.0.3 or later, as these versions contain the fix for the vulnerability. Tenable strongly recommends applying these updates promptly to prevent privilege escalation risks. [1]

Useful 0 Not Useful 0