CVE-2021-20100
Description
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20099.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Privileged local admin users on Windows can abuse Nessus Agent 8.2.4 and earlier to execute programs as the Nessus host.
Vulnerability
Nessus Agent 8.2.4 and earlier for Windows contain multiple local privilege escalation vulnerabilities. An authenticated local administrator can run specific Windows executables as the Nessus host service, bypassing security restrictions. The affected versions are all Nessus Agent releases before 8.2.5 on Windows [1].
Exploitation
An attacker with local administrator privileges on the Windows host can exploit these vulnerabilities. No user interaction is required beyond the attacker having already obtained administrative access. The precise mechanism is not publicly detailed, but it involves the Nessus Agent failing to properly restrict execution of certain Windows executables, allowing them to run with elevated privileges associated with the Nessus host account [1].
Impact
Successful exploitation allows a local administrator to run specific Windows executables as the Nessus host, which is a privileged service account. This could lead to further compromise of the Nessus host environment, including access to scanning credentials, configuration files, and the ability to modify Nessus settings. The vulnerability does not typically grant additional privileges beyond those already held by an administrator on the local system, but it enables running code in a different security context [1].
Mitigation
Tenable has released Nessus Agent 8.2.5 to address these issues. Users should upgrade to version 8.2.5 or later. The update is available from the Tenable Downloads Portal [1]. No workarounds are provided for unpatched versions. This vulnerability is not listed on CISA's Known Exploited Vulnerabilities catalog as of the publication date.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Nessus/Nessus Agent
- Range: <=8.2.4
Patches
No patches discovered yet.
References
- [1] www.tenable.com/security/tns-2021-12 (mitre, x_refsource_MISC)