A newly disclosed safety vulnerability in Tenable’s Nessus Agent for Home windows may enable attackers to execute malicious code with the best stage of system privileges, elevating severe issues for enterprise safety groups counting on the widely-deployed vulnerability evaluation platform.
The flaw permits a menace actor to create a Home windows junction, a sort of filesystem symbolic hyperlink that may be leveraged to delete arbitrary information with SYSTEM-level privileges.
As soon as file deletion at that privilege tier is achieved, the situation can cascade right into a full arbitrary code execution state of affairs, successfully granting an attacker full management over the affected machine.
Nessus Agent Vulnerability on Home windows
The vulnerability exploits a category of privilege escalation weak spot generally generally known as a “symlink assault” or junction abuse. On Home windows programs, NTFS junctions redirect file system operations from one listing to a different.
When a privileged course of such because the Nessus Agent service follows a junction throughout a file operation with out correct validation, it may be manipulated to behave on unintended targets.
On this case, an attacker with native entry can plant a malicious junction in a location the Nessus Agent service interacts with.
By redirecting the agent’s deletion routine to a crucial system file or listing, the attacker can corrupt the working surroundings in a managed method and subsequently place a malicious payload to be executed underneath the SYSTEM context.
This method is especially harmful as a result of SYSTEM is the best privilege stage in Home windows, surpassing even customary administrator accounts.
Code operating as SYSTEM can modify any file, set up rootkits, disable safety instruments, and persist throughout reboots with out restriction.
The vulnerability particularly impacts Nessus Agent installations operating on Home windows. Organizations deploying Nessus Brokers throughout enterprise endpoints for steady vulnerability scanning are instantly within the threat window.
On condition that Nessus Brokers are sometimes put in on delicate servers and workstations, profitable exploitation may have catastrophic downstream penalties for a corporation’s safety posture.
Tenable has addressed the vulnerability in Nessus Agent model 11.1.3, which is now accessible by way of the Tenable Downloads Portal. The corporate strongly urges all customers to improve instantly, emphasizing that well timed patch software is crucial to lowering publicity.
Tenable reiterated its dedication to accountable disclosure, stating that it maintains lively communication with safety researchers and prioritizes fast decision of product vulnerabilities.
Safety groups are additionally inspired to report any newly found vulnerabilities on to Tenable to facilitate coordinated patching.
Safety directors ought to deal with this replace as a precedence deployment, significantly in environments the place Nessus Brokers are put in on high-value or internet-adjacent Home windows programs.
Comply with us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to characteristic your tales.
