OpenCVE

Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tenable	Nessus

Configuration 1 [-]

cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.tenable.com/security/tns-2020-06

History

No history.

MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2020-08-21T12:23:40

Updated: 2024-08-04T08:39:25.874Z

Reserved: 2020-01-06T00:00:00

Link: CVE-2020-5774

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-08-21T13:15:14.333

Modified: 2024-11-21T05:34:34.677

Link: CVE-2020-5774

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Tenable Nessus", "vendor": "n/a", "versions": [{"status": "affected", "version": "< 8.11.1"}]}], "descriptions": [{"lang": "en", "value": "Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session."}], "problemTypes": [{"descriptions": [{"description": "Insufficient Session Expiration", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-21T12:23:40", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/tns-2020-06"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2020-5774", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Tenable Nessus", "version": {"version_data": [{"version_value": "< 8.11.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insufficient Session Expiration"}]}]}, "references": {"reference_data": [{"name": "https://www.tenable.com/security/tns-2020-06", "refsource": "MISC", "url": "https://www.tenable.com/security/tns-2020-06"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:39:25.874Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tenable.com/security/tns-2020-06"}]}]}, "cveMetadata": {"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2020-5774", "datePublished": "2020-08-21T12:23:40", "dateReserved": "2020-01-06T00:00:00", "dateUpdated": "2024-08-04T08:39:25.874Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", "matchCriteriaId": "79D27088-4B9E-4FAE-8EA3-2462915E0B55", "versionEndIncluding": "8.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session."}, {"lang": "es", "value": "Se detect\u00f3 que Nessus versiones 8.11.0 y anteriores, manten\u00eda sesiones m\u00e1s largas que el per\u00edodo permitido en determinados escenarios. La falta de una expiraci\u00f3n apropiada de la sesi\u00f3n podr\u00eda permitir a atacantes con acceso local iniciar sesi\u00f3n en una sesi\u00f3n de navegador existente."}], "id": "CVE-2020-5774", "lastModified": "2024-11-21T05:34:34.677", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-21T13:15:14.333", "references": [{"source": "vulnreport@tenable.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.tenable.com/security/tns-2020-06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.tenable.com/security/tns-2020-06"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "nvd@nist.gov", "type": "Primary"}]}