ID

VAR-201803-1737


CVE

CVE-2018-1141


TITLE

Nessus vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-003374

DESCRIPTION

When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location. Nessus contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Tenable Network Security Nessus is an open source vulnerability scanner with strong scalability from Tenable Network Security. A security vulnerability exists in Tenable Network Security Nessus. A local attacker could exploit this vulnerability to escalate privileges.

Trust: 2.16

sources: NVD: CVE-2018-1141 // JVNDB: JVNDB-2018-003374 // CNVD: CNVD-2018-06265

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-06265

AFFECTED PRODUCTS

vendor: tenable, model: nessus, scope: lt, version: 7.0.3

Trust: 1.8

vendor: tenable, model: network security nessus, scope: lt, version: 7.0.3

Trust: 0.6

vendor: tenable, model: nessus, scope: eq, version: 6.10.6

Trust: 0.6

vendor: tenable, model: nessus, scope: eq, version: 6.9.3

Trust: 0.6

vendor: tenable, model: nessus, scope: eq, version: 6.10.9

Trust: 0.6

vendor: tenable, model: nessus, scope: eq, version: 6.10.0

Trust: 0.6

vendor: tenable, model: nessus, scope: eq, version: 6.10.5

Trust: 0.6

vendor: tenable, model: nessus, scope: eq, version: 6.10.8

Trust: 0.6

vendor: tenable, model: nessus, scope: eq, version: 6.10.4

Trust: 0.6

vendor: tenable, model: nessus, scope: eq, version: 6.10.7

Trust: 0.6

vendor: tenable, model: nessus, scope: eq, version: 6.10.3

Trust: 0.6

vendor: tenable, model: nessus, scope: eq, version: 6.10.2

Trust: 0.6

sources: CNVD: CNVD-2018-06265 // JVNDB: JVNDB-2018-003374 // CNNVD: CNNVD-201803-702 // NVD: CVE-2018-1141

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1141
value: HIGH

Trust: 1.0

NVD: CVE-2018-1141
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-06265
value: LOW

Trust: 0.6

CNNVD: CNNVD-201803-702
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-1141
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-06265
severity: LOW
baseScore: 3.0
vectorString: AV:L/AC:M/AU:S/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 2.7
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-1141
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-06265 // JVNDB: JVNDB-2018-003374 // CNNVD: CNNVD-201803-702 // NVD: CVE-2018-1141

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2018-003374 // NVD: CVE-2018-1141

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201803-702

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201803-702

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003374

PATCH

title: [R2] Nessus 7.0.3 Fixes One Vulnerability
url: https://www.tenable.com/security/tns-2018-01

Trust: 0.8

title: TenableNetworkSecurityNessus privilege escalation vulnerability patch
url: https://www.cnvd.org.cn/patchInfo/show/123031

Trust: 0.6

title: Tenable Network Security Nessus Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79304

Trust: 0.6

sources: CNVD: CNVD-2018-06265 // JVNDB: JVNDB-2018-003374 // CNNVD: CNNVD-201803-702

EXTERNAL IDS

db: NVD, id: CVE-2018-1141

Trust: 3.0

db: TENABLE, id: TNS-2018-01

Trust: 2.2

db: SECTRACK, id: 1040557

Trust: 1.6

db: JVNDB, id: JVNDB-2018-003374

Trust: 0.8

db: CNVD, id: CNVD-2018-06265

Trust: 0.6

db: CNNVD, id: CNNVD-201803-702

Trust: 0.6

sources: CNVD: CNVD-2018-06265 // JVNDB: JVNDB-2018-003374 // CNNVD: CNNVD-201803-702 // NVD: CVE-2018-1141

REFERENCES

url:https://www.tenable.com/security/tns-2018-01

Trust: 2.2

url:http://www.securitytracker.com/id/1040557

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1141

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-1141

Trust: 0.8

sources: CNVD: CNVD-2018-06265 // JVNDB: JVNDB-2018-003374 // CNNVD: CNNVD-201803-702 // NVD: CVE-2018-1141

SOURCES

db: CNVD, id: CNVD-2018-06265
db: JVNDB, id: JVNDB-2018-003374
db: CNNVD, id: CNNVD-201803-702
db: NVD, id: CVE-2018-1141

LAST UPDATE DATE

2024-11-23T21:53:18.416000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-06265, date: 2018-03-26T00:00:00
db: JVNDB, id: JVNDB-2018-003374, date: 2018-05-23T00:00:00
db: CNNVD, id: CNNVD-201803-702, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-1141, date: 2024-11-21T03:59:16.447

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-06265, date: 2018-03-26T00:00:00
db: JVNDB, id: JVNDB-2018-003374, date: 2018-05-23T00:00:00
db: CNNVD, id: CNNVD-201803-702, date: 2018-03-21T00:00:00
db: NVD, id: CVE-2018-1141, date: 2018-03-20T18:29:00.320