CVE-2022-4313
First published: Wed Mar 15 2023(Updated: )
A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenable Nessus | <10.4.2 | |
| Tenable Plugin Feed | <202212081952 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-4313?
CVE-2022-4313 is a vulnerability in Tenable products that allows authenticated users with Scan Policy Configuration roles to execute arbitrary commands on credentialed scan targets.
How severe is CVE-2022-4313?
CVE-2022-4313 has a severity rating of high (8.8).
Which Tenable products are affected by CVE-2022-4313?
CVE-2022-4313 affects Tenable Nessus up to version 10.4.2 and Tenable Plugin Feed up to version 202212081952.
What can an authenticated user with Scan Policy Configuration roles do in relation to CVE-2022-4313?
An authenticated user with Scan Policy Configuration roles can manipulate audit policy variables to execute arbitrary commands on credentialed scan targets.
Where can I find more information about CVE-2022-4313?
More information about CVE-2022-4313 can be found at the following link: [CVE-2022-4313](https://www.tenable.com/security/tns-2023-14).
- collector/nvd-index
- vendor/tenable
- canonical/tenable nessus
- canonical/tenable plugin feed