First published: Fri Aug 21 2020
Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to log in to an existing browser session.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenable Nessus Amazon Machine Image | <=8.11.0 | |
CVE-2020-5774 is a vulnerability in Nessus versions 8.11.0 and earlier that allows attackers with local access to log in to an existing browser session.
The severity of CVE-2020-5774 is high with a score of 7.1.
CVE-2020-5774 affects Nessus versions 8.11.0 and earlier by maintaining sessions longer than the permitted period, allowing attackers to log in to an existing browser session.
No, attackers need local access to exploit CVE-2020-5774.
Yes, it is recommended to update to a version of Nessus later than 8.11.0 to fix CVE-2020-5774.