CVE-2024-9158

A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI.
References
Link Resource
https://www.tenable.com/security/tns-2024-17 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:*:*:*

History

07 Oct 2024, 16:13

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.4
v2 : unknown
v3 : 4.6
References () https://www.tenable.com/security/tns-2024-17 - () https://www.tenable.com/security/tns-2024-17 - Vendor Advisory
First Time Tenable nessus Network Monitor
Tenable
CPE cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:*:*:*

04 Oct 2024, 13:51

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de Cross-Site Scripting Almacenado en Nessus Network Monitor donde un atacante local autenticado y privilegiado podría inyectar código arbitrario en la interfaz de usuario de NNM a través de la CLI local.

30 Sep 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-30 17:15

Updated : 2024-10-07 16:13


NVD link : CVE-2024-9158

Mitre link : CVE-2024-9158

CVE.ORG link : CVE-2024-9158


JSON object : View

Products Affected

tenable

  • nessus_network_monitor
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')