A newly disclosed safety vulnerability in Tenable’s Nessus Agent for Home windows might permit attackers to execute malicious code with the very best stage of system privileges, elevating severe considerations for enterprise safety groups counting on the widely-deployed vulnerability evaluation platform.
The flaw allows a menace actor to create a Home windows junction, a kind of filesystem symbolic hyperlink that may be leveraged to delete arbitrary recordsdata with SYSTEM-level privileges.
As soon as file deletion at that privilege tier is achieved, the situation can cascade right into a full arbitrary code execution state of affairs, successfully granting an attacker full management over the affected machine.
Nessus Agent Vulnerability on Home windows
The vulnerability exploits a category of privilege escalation weak spot generally generally known as a “symlink assault” or junction abuse. On Home windows techniques, NTFS junctions redirect file system operations from one listing to a different.
When a privileged course of such because the Nessus Agent service follows a junction throughout a file operation with out correct validation, it may be manipulated to behave on unintended targets.
On this case, an attacker with native entry can plant a malicious junction in a location the Nessus Agent service interacts with.
By redirecting the agent’s deletion routine to a important system file or listing, the attacker can corrupt the working atmosphere in a managed method and subsequently place a malicious payload to be executed underneath the SYSTEM context.
This method is especially harmful as a result of SYSTEM is the very best privilege stage in Home windows, surpassing even normal administrator accounts.
Code working as SYSTEM can modify any file, set up rootkits, disable safety instruments, and persist throughout reboots with out restriction.
The vulnerability particularly impacts Nessus Agent installations working on Home windows. Organizations deploying Nessus Brokers throughout enterprise endpoints for steady vulnerability scanning are immediately within the threat window.
Provided that Nessus Brokers are sometimes put in on delicate servers and workstations, profitable exploitation might have catastrophic downstream penalties for a corporation’s safety posture.
Tenable has addressed the vulnerability in Nessus Agent model 11.1.3, which is now obtainable by the Tenable Downloads Portal. The corporate strongly urges all customers to improve instantly, emphasizing that well timed patch utility is important to lowering publicity.
Tenable reiterated its dedication to accountable disclosure, stating that it maintains lively communication with safety researchers and prioritizes speedy decision of product vulnerabilities.
Safety groups are additionally inspired to report any newly found vulnerabilities on to Tenable to facilitate coordinated patching.
Safety directors ought to deal with this replace as a precedence deployment, significantly in environments the place Nessus Brokers are put in on high-value or internet-adjacent Home windows techniques.
Observe us on Google News, LinkedIn, and X for day by day cybersecurity updates. Contact us to characteristic your tales.