CVE-2021-20100 - OpenCVE

Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20099.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Tenable	Nessus

Configuration 1 [-]

AND

cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.tenable.com/security/tns-2021-12

History

No history.

MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2021-06-28T10:29:19

Updated: 2024-08-03T17:30:07.663Z

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20100

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-06-28T11:15:07.917

Modified: 2022-07-12T17:42:04.277

Link: CVE-2021-20100

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Nessus Agent", "vendor": "n/a", "versions": [{"status": "affected", "version": "Nessus Agent 8.2.4 and earlier"}]}], "descriptions": [{"lang": "en", "value": "Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20099."}], "problemTypes": [{"descriptions": [{"description": "Local Privilege Escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-28T10:29:19", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/tns-2021-12"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2021-20100", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Nessus Agent", "version": {"version_data": [{"version_value": "Nessus Agent 8.2.4 and earlier"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20099."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Local Privilege Escalation"}]}]}, "references": {"reference_data": [{"name": "https://www.tenable.com/security/tns-2021-12", "refsource": "MISC", "url": "https://www.tenable.com/security/tns-2021-12"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:30:07.663Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tenable.com/security/tns-2021-12"}]}]}, "cveMetadata": {"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2021-20100", "datePublished": "2021-06-28T10:29:19", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.663Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCC3231E-E047-4A61-9855-4714313E6B35", "versionEndExcluding": "8.2.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20099."}, {"lang": "es", "value": "Se ha detectado que Nessus Agent versiones 8.2.4 y anteriores para Windows contienen m\u00faltiples vulnerabilidades de escalada de privilegios local que podr\u00edan permitir a un administrador local autenticado ejecutar determinados ejecutables de Windows como el host de Nessus. Esto es diferente de CVE-2021-20099"}], "id": "CVE-2021-20100", "lastModified": "2022-07-12T17:42:04.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-28T11:15:07.917", "references": [{"source": "vulnreport@tenable.com", "tags": ["Vendor Advisory"], "url": "https://www.tenable.com/security/tns-2021-12"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}