CVE-2020-5794
First published: Fri Nov 06 2020(Updated: )
A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenable Nessus Network Monitor | =5.11.0 | |
| Tenable Nessus Network Monitor | =5.11.1 | |
| Tenable Nessus Network Monitor | =5.12.0 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-5794?
CVE-2020-5794 is a vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows that could allow an authenticated local attacker to execute arbitrary code.
How does CVE-2020-5794 work?
CVE-2020-5794 works by allowing an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory.
What is the severity of CVE-2020-5794?
The severity of CVE-2020-5794 is high with a CVSS score of 7.8.
Which versions of Nessus Network Monitor are affected by CVE-2020-5794?
Versions 5.11.0, 5.11.1, and 5.12.0 of Nessus Network Monitor for Windows are affected by CVE-2020-5794.
How can I fix CVE-2020-5794?
To fix CVE-2020-5794, users should update to a patched version of Nessus Network Monitor that addresses the vulnerability.
- collector/nvd-index
- vendor/tenable
- canonical/tenable nessus network monitor
- version/tenable nessus network monitor/5.11.0
- version/tenable nessus network monitor/5.11.1
- version/tenable nessus network monitor/5.12.0
- vendor/microsoft
- canonical/microsoft windows