CVE-2021-20106
Description
Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Privilege escalation in Nessus Agent ≤8.2.5 allows a Nessus admin user to upload a file to gain host admin privileges.
Vulnerability
Nessus Agent versions 8.2.5 and earlier contain a privilege escalation vulnerability. A Nessus administrator user can upload a specially crafted file that, when processed, leads to elevated privileges on the Nessus host [1].
Exploitation
To exploit this vulnerability, an attacker must have Nessus administrator credentials and the ability to upload files to the Nessus Agent. The exact exploitation steps are not publicly detailed, but the uploaded file is designed to trigger the privilege escalation [1].
Impact
Successful exploitation allows the attacker to gain full administrator privileges on the underlying Nessus host operating system, resulting in complete compromise of the host [1].
Mitigation
Tenable has released Nessus Agent 8.3.0 to address this vulnerability. Users should upgrade to version 8.3.0 or later, available from the Tenable Downloads Portal [1]. No workarounds are listed.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Nessus/Nessus Agent
- Range: <=8.2.5
Patches
No patches discovered yet.
References
[1] www.tenable.com/security/tns-2021-13 (mitre, x_refsource_MISC)