CVE-2021-20099
Description
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated local admin can elevate privileges to SYSTEM via Nessus Agent 8.2.4 and earlier on Windows.
Vulnerability
Nessus Agent versions 8.2.4 and earlier for Windows contain multiple local privilege escalation vulnerabilities. These allow an authenticated, local administrator to run specific Windows executables as the Nessus Agent host (SYSTEM level). The issue is distinct from CVE-2021-20100. [1]
Exploitation
An attacker must already have local administrator privileges on the Windows host where Nessus Agent is installed. By leveraging the vulnerable code path, the attacker can cause the agent to execute arbitrary Windows executables with the privileges of the Nessus host service, which runs as SYSTEM. No additional user interaction or network access is required beyond initial administrative access. [1]
Impact
Successful exploitation results in local privilege escalation from an administrative account to the SYSTEM account. This allows the attacker to execute code with the highest Windows privilege level, gaining full control over the host operating system and access to all resources. [1]
Mitigation
Tenable released Nessus Agent 8.2.5 to fix these vulnerabilities. Users should upgrade to version 8.2.5 or later, available from the Tenable Downloads Portal. [1]
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Nessus/Nessus Agentdescription
- Range: <=8.2.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.tenable.com/security/tns-2021-12mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.