CVE-2021-20118
Description
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A local privilege escalation in Nessus Agent 8.3.0 and earlier allows an authenticated administrator to run specific executables with elevated privileges.
Vulnerability
Nessus Agent versions 8.3.0 and prior contain a local privilege escalation vulnerability. An authenticated, local administrator can exploit this flaw to run specific executables on the Nessus Agent host with unintended higher privileges. The exact affected component is not detailed, but the issue is distinct from CVE-2021-20117 [1].
Exploitation
An attacker must have local administrative access to the system where the Nessus Agent is installed. No special network position or additional authentication is required beyond existing administrator credentials. The attacker can trigger the vulnerability by executing specific (unlisted) executables provided by the agent, which then run with elevated privileges beyond what a standard administrator would normally have [1].
Impact
Successful exploitation allows the attacker to gain elevated privileges, potentially leading to full control over the Nessus Agent process or the underlying system. This could result in unauthorized actions such as modifying agent behavior, accessing sensitive data, or persisting with high integrity. The exact scope of privilege escalation (e.g., SYSTEM vs. Administrator) is not specified [1].
Mitigation
Tenable released Nessus Agent version 8.3.1 to fix this vulnerability. Users should upgrade to 8.3.1 or later, available from the Tenable Downloads Portal [1]. No workarounds have been provided; upgrading is the recommended solution.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Nessus/Nessus Agent (description)
- Range: <=8.3.0
Patches
No patches discovered yet.
References
[1] www.tenable.com/security/tns-2021-15 (mitre, x_refsource_MISC)