CVE-2021-20135 : What You Need to Know

Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability that could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has released a fix for this issue in version 10.0.0.

Understanding CVE-2021-20135

This section provides insights into the CVE-2021-20135 vulnerability affecting Nessus.

What is CVE-2021-20135?

CVE-2021-20135 is a local privilege escalation vulnerability in Nessus versions 8.15.2 and earlier that could be exploited by a local authenticated administrator.

The Impact of CVE-2021-20135

This vulnerability could allow an attacker to execute specific executables on the Nessus Agent host, potentially leading to unauthorized access and control.

Technical Details of CVE-2021-20135

Here are the technical aspects related to CVE-2021-20135.

Vulnerability Description

The vulnerability in Nessus versions 8.15.2 and earlier enables a local administrator to escalate privileges and run specific executables on the agent host.

Affected Systems and Versions

Nessus versions 8.15.2 and earlier are impacted by this vulnerability, highlighting the importance of updating to version 10.0.0.

Exploitation Mechanism

An authenticated local administrator can exploit this vulnerability to gain unauthorized access and execute commands on the affected host.

Mitigation and Prevention

Learn how to protect your system against CVE-2021-20135.

Immediate Steps to Take

Upgrade Nessus to version 10.0.0 to mitigate the risk of local privilege escalation.

Long-Term Security Practices

Implement strict access controls and regular security updates to prevent similar vulnerabilities in the future.

Patching and Updates

Stay updated with security patches and advisories provided by Tenable to address known vulnerabilities effectively.