Learn about CVE-2020-5774 affecting Tenable Nessus versions < 8.11.1. Discover the impact, technical details, and mitigation steps for this Insufficient Session Expiration vulnerability.
Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios, potentially allowing attackers with local access to log in to an existing browser session.
Understanding CVE-2020-5774
This CVE involves an Insufficient Session Expiration vulnerability in Tenable Nessus.
What is CVE-2020-5774?
CVE-2020-5774 highlights a security issue in Nessus versions 8.11.0 and below, where sessions are not properly expired, enabling unauthorized access.
The Impact of CVE-2020-5774
The vulnerability could lead to unauthorized access by attackers with local access, compromising the security of the affected systems.
Technical Details of CVE-2020-5774
This section provides more technical insights into the vulnerability.
Vulnerability Description
Nessus versions 8.11.0 and earlier fail to terminate sessions within the allowed timeframe, potentially enabling unauthorized access.
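The following is an added example, not Nessus code and not taken from the advisory: a generic sketch of server-side session expiry, the control whose absence defines this vulnerability class. The class names, the 15-minute idle limit and the 8-hour absolute limit are assumptions chosen for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60          # assumed policy: 15 minutes without activity
ABSOLUTE_TIMEOUT = 8 * 60 * 60  # assumed policy: 8 hours since login


class SessionStore:
    """Server-side session table; the server, not the browser, decides expiry."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._sessions = {}  # token -> [user, created_at, last_seen]

    def login(self, user):
        token = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[token] = [user, now, now]
        return token

    def validate(self, token):
        """Return the user for a live session, or None (destroying it) if expired."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, created_at, last_seen = entry
        now = self._clock()
        idle_expired = now - last_seen >= IDLE_TIMEOUT
        too_old = now - created_at >= ABSOLUTE_TIMEOUT
        if idle_expired or too_old:
            # Delete server-side so a token left in the browser cannot be reused.
            del self._sessions[token]
            return None
        entry[2] = now  # activity refreshes the idle timer only, never created_at
        return user

    def logout(self, token):
        self._sessions.pop(token, None)


class FakeClock:
    """Constructed test clock so expiry can be shown without waiting."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now
```

The absolute limit matters because an idle timer alone never fires for a session that keeps receiving requests, for example from a browser tab left open and polling on an unattended workstation.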
Affected Systems and Versions
Exploitation Mechanism
Attackers with local access can exploit the lack of session expiration to gain unauthorized entry into existing browser sessions.
Mitigation and Prevention
Protecting systems from CVE-2020-5774 requires immediate actions and long-term security practices.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Ensure timely installation of security patches and updates for Nessus to address known vulnerabilities and enhance system security.