CVE-2022-32974
First published: Tue Jun 21 2022(Updated: )
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenable Nessus | <10.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-32974?
CVE-2022-32974 is a vulnerability that allows an authenticated attacker to read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.
What is the severity of CVE-2022-32974?
CVE-2022-32974 has a severity value of 6.5, which is classified as medium.
Which software is affected by CVE-2022-32974?
Tenable Nessus version up to 10.2.0 is affected by CVE-2022-32974.
How can an attacker exploit CVE-2022-32974?
An attacker can exploit CVE-2022-32974 by using a custom crafted compliance audit file without providing valid SSH credentials to read arbitrary files from the underlying operating system of the scanner.
Is there a fix available for CVE-2022-32974?
Yes, it is recommended to update Tenable Nessus to a version beyond 10.2.0 to mitigate CVE-2022-32974.
- collector/nvd-index
- agent/event
- vendor/tenable
- canonical/tenable nessus