VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 20, 2023· Updated Aug 2, 2024

CVE-2023-6178

CVE-2023-6178

Description

An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated attackers with managing application privileges can exploit Nessus Agent to overwrite arbitrary files via Nessus Rules variables, causing denial of service.

Vulnerability

The vulnerability exists in Nessus Agent versions prior to 10.4.4. An authenticated attacker with privileges on the managing application (e.g., Tenable.sc or Tenable.io) can alter Nessus Rules variables to overwrite arbitrary files on the remote host where the agent is running. [1]

Exploitation

To exploit, the attacker must have authenticated access to the managing application with sufficient privileges to modify Nessus Rules. By crafting malicious rules variables, the attacker can cause the agent to write to arbitrary file paths on the remote host. No user interaction on the agent side is required beyond normal operation. [1]

Impact

Successful exploitation allows the attacker to overwrite arbitrary files on the remote host, potentially leading to a denial of service condition. The impact is limited to file overwrite; no remote code execution or privilege escalation is indicated. [1]

Mitigation

Tenable released Nessus Agent version 10.4.4 on 2023-11-20 to fix this vulnerability. Users should upgrade to version 10.4.4 or later. No workarounds are mentioned. The vulnerability is not listed on CISA KEV as of this writing. [1]

References
  1. [R1] Nessus Agent Version 10.4.4 Fixes One Vulnerability

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.