CVE-2023-2005 - Vulnerability Details - OpenCVE

Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 .

This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00065.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Tenable	Nessus Securitycenter Tenable.io

Configuration 1 [-]

OR	cpe:2.3:a:tenable:nessus:-:::::::*
	cpe:2.3:a:tenable:securitycenter:-:::::::*
	cpe:2.3:a:tenable:tenable.io:-:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-33535	Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 . This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

Fixes

Solution

The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202306261202.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.tenable.com/security/tns-2023-21

History

Tue, 03 Dec 2024 19:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-427
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2023-06-26T17:39:56.554Z

Updated: 2024-12-03T18:44:10.535Z

Reserved: 2023-04-12T15:39:04.752Z

Link: CVE-2023-2005

Vulnrichment

Updated: 2024-08-02T06:05:27.147Z

NVD

Status : Modified

Published: 2023-06-26T18:15:09.580

Modified: 2024-12-03T19:15:06.390

Link: CVE-2023-2005

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-2005", "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "state": "PUBLISHED", "assignerShortName": "tenable", "dateReserved": "2023-04-12T15:39:04.752Z", "datePublished": "2023-06-26T17:39:56.554Z", "dateUpdated": "2024-12-03T18:44:10.535Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Tenable.io", "vendor": "Tenable", "versions": [{"lessThan": "Plugin Feed ID #202306261202 ", "status": "affected", "version": "0", "versionType": "Plugin Feed ID #202306261202 "}]}, {"defaultStatus": "unaffected", "product": "Nessus", "vendor": "Tenable", "versions": [{"lessThan": "Plugin Feed ID #202306261202 ", "status": "affected", "version": "0", "versionType": "Plugin Feed ID #202306261202 "}]}, {"defaultStatus": "unaffected", "product": "Security Center", "vendor": "Tenable", "versions": [{"lessThan": "Plugin Feed ID #202306261202 ", "status": "affected", "version": "0", "versionType": "Plugin Feed ID #202306261202 "}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Patrick Romero - CrowdStrike"}], "datePublic": "2023-06-26T20:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.<p>This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 .</p>This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.\n\n<br>"}], "value": "Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 .\n\nThis vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable", "dateUpdated": "2023-06-26T17:39:56.554Z"}, "references": [{"url": "https://www.tenable.com/security/tns-2023-21"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nThe updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202306261202.\n\n<br>"}], "value": "\nThe updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202306261202.\n\n\n"}], "source": {"advisory": "TNS-2023-21", "discovery": "EXTERNAL"}, "title": "Tenable Plugin Feed ID #202306261202 Fixes Privilege Escalation Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:05:27.147Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.tenable.com/security/tns-2023-21", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-427", "lang": "en", "description": "CWE-427 Uncontrolled Search Path Element"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-03T18:42:42.640706Z", "id": "CVE-2023-2005", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-03T18:44:10.535Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.tenable.com/security/tns-2023-21", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:05:27.147Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-2005", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-03T18:42:42.640706Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-03T18:43:11.515Z"}}], "cna": {"title": "Tenable Plugin Feed ID #202306261202 Fixes Privilege Escalation Vulnerability", "source": {"advisory": "TNS-2023-21", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Patrick Romero - CrowdStrike"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Tenable", "product": "Tenable.io", "versions": [{"status": "affected", "version": "0", "lessThan": "Plugin Feed ID #202306261202 ", "versionType": "Plugin Feed ID #202306261202 "}], "defaultStatus": "unaffected"}, {"vendor": "Tenable", "product": "Nessus", "versions": [{"status": "affected", "version": "0", "lessThan": "Plugin Feed ID #202306261202 ", "versionType": "Plugin Feed ID #202306261202 "}], "defaultStatus": "unaffected"}, {"vendor": "Tenable", "product": "Security Center", "versions": [{"status": "affected", "version": "0", "lessThan": "Plugin Feed ID #202306261202 ", "versionType": "Plugin Feed ID #202306261202 "}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\nThe updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202306261202.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\nThe updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202306261202.\n\n<br>", "base64": false}]}], "datePublic": "2023-06-26T20:00:00.000Z", "references": [{"url": "https://www.tenable.com/security/tns-2023-21"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 .\n\nThis vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.<p>This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 .</p>This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.\n\n<br>", "base64": false}]}], "providerMetadata": {"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable", "dateUpdated": "2023-06-26T17:39:56.554Z"}}}, "cveMetadata": {"cveId": "CVE-2023-2005", "state": "PUBLISHED", "dateUpdated": "2024-12-03T18:44:10.535Z", "dateReserved": "2023-04-12T15:39:04.752Z", "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "datePublished": "2023-06-26T17:39:56.554Z", "assignerShortName": "tenable"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tenable:nessus:-:*:*:*:*:*:*:*", "matchCriteriaId": "3EEA2071-B520-44B1-9320-198E3D264721", "vulnerable": true}, {"criteria": "cpe:2.3:a:tenable:securitycenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "772F9C28-5F96-4962-B2A4-2045B3C82008", "vulnerable": true}, {"criteria": "cpe:2.3:a:tenable:tenable.io:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C740060-086C-4893-BAF2-6BB423252956", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 .\n\nThis vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.\n\n\n"}], "id": "CVE-2023-2005", "lastModified": "2024-12-03T19:15:06.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.3, "impactScore": 5.9, "source": "vulnreport@tenable.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-26T18:15:09.580", "references": [{"source": "vulnreport@tenable.com", "tags": ["Vendor Advisory"], "url": "https://www.tenable.com/security/tns-2023-21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.tenable.com/security/tns-2023-21"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}