CVE-2020-5774
First published: Fri Aug 21 2020(Updated: )
Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenable Nessus Amazon Machine Image | <=8.11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-5774?
CVE-2020-5774 is a vulnerability in Nessus versions 8.11.0 and earlier that allows attackers with local access to login into an existing browser session.
What is the severity of CVE-2020-5774?
The severity of CVE-2020-5774 is high with a score of 7.1.
How does CVE-2020-5774 affect Nessus?
CVE-2020-5774 affects Nessus versions 8.11.0 and earlier by maintaining sessions longer than the permitted period, allowing attackers to login into an existing browser session.
Can attackers exploit CVE-2020-5774 remotely?
No, attackers need local access to exploit CVE-2020-5774.
Is there a fix for CVE-2020-5774?
Yes, it is recommended to update to a version of Nessus that is beyond 8.11.0 to fix CVE-2020-5774.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/description
- agent/remedy
- agent/severity
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/tenable
- canonical/tenable nessus amazon machine image
- version/tenable nessus amazon machine image/8.11.0