High-Severity Vulnerabilities Patched in Tenable Nessus Agent

High-Severity Vulnerabilities Patched in Tenable Nessus Agent

Posted on By CWS

Tenable has launched patches for 3 high-severity vulnerabilities in Nessus Agent for Home windows that may very well be exploited to carry out file operations and execute code with elevated privileges.

Tracked as CVE-2025-36631 (CVSS rating of 8.4), the primary bug might permit customers logged in to non-administrative accounts to overwrite arbitrary native system recordsdata with log content material, with System privileges.

The second flaw, CVE-2025-36632 (CVSS rating of seven.8), permits non-administrative customers to execute arbitrary code with System privileges.

Lastly, CVE-2025-36633 (CVSS rating of 8.8) permits customers in a non-administrative place to arbitrarily delete native system recordsdata, additionally with System privileges.

Profitable exploitation of the difficulty might permit customers to escalate their privileges on the affected machine, Tenable says.

The three vulnerabilities affect Nessus Agent variations 10.8.4 and earlier and have been resolved with the discharge of model 10.8.5, which is obtainable from Tenable’s obtain portal.

The corporate makes no point out of any of those vulnerabilities being exploited within the wild, however customers are suggested to replace their deployments as quickly as doable.

Tenable Nessus brokers are light-weight packages put in regionally to gather info from belongings. They can be utilized to scan for safety defects, compliance points, and different sorts of info.Commercial. Scroll to proceed studying.

In early January, Tenable disabled agent variations 10.8.0 and 10.8.1, after discovering that they have been going offline following a differential plugin replace. The corporate instructed SecurityWeek on the time that it was not a safety incident and that no buyer was adversely impacted.

Associated: Essential Vulnerabilities Patched in Pattern Micro Apex Central, Endpoint Encryption

Associated: Palo Alto Networks Patches Privilege Escalation Vulnerabilities

Associated: Fortinet, Ivanti Patch Excessive-Severity Vulnerabilities

Associated: Cisco Patches Essential ISE Vulnerability With Public PoC

Security Week News Tags:, , , , ,

Related Posts

Microsoft: Russia, China Increasingly Using AI to Escalate Cyberattacks on the US Microsoft: Russia, China Increasingly Using AI to Escalate Cyberattacks on the US Security Week News
Jaguar Land Rover Says Shutdown Will Continue Until at Least Oct 1 After Cyberattack Jaguar Land Rover Says Shutdown Will Continue Until at Least Oct 1 After Cyberattack Security Week News
Anthropic MCP Server Flaws Lead to Code Execution, Data Exposure Anthropic MCP Server Flaws Lead to Code Execution, Data Exposure Security Week News
Healthcare Services Group Data Breach Impacts 624,000 Healthcare Services Group Data Breach Impacts 624,000 Security Week News
Japan, Britain to Boost Cybersecurity and Critical Minerals Cooperation as China’s Influence Grows Japan, Britain to Boost Cybersecurity and Critical Minerals Cooperation as China’s Influence Grows Security Week News
Man Who Hacked Organizations to Advertise Security Services Pleads Guilty Man Who Hacked Organizations to Advertise Security Services Pleads Guilty Security Week News