CVE-2024-3289

CVSS 3.1 Score 7.8 of 10 (HIGH)

Attack Complexity

LOW

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Scope

UNCHANGED

Privileges Required

NONE

Summary

CVE-2024-3289 is a vulnerability affecting Nessus, a popular vulnerability scanner, on Windows hosts. Before version 10.7.3, Nessus failed to enforce secure permissions for sub-directories when installed in a non-default location. An attacker who gains access to the system could potentially escalate local privileges by exploiting this weakness, if the sub-directories in the non-default installation location are not adequately secured by users. This issue underscores the importance of adhering to the default installation directories and properly securing custom installation locations.

Details

Published: formatDate( 2024-05-17T17:15:07.310Z )
Updated: formatDate( 2024-05-17T18:35:35.070Z )
CWE ID: CWE-783,CWE-670

Affected Products

Google Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/vfo2Fu
https://www.cve.org/CVERecord?id=CVE-2024-3289
https://nvd.nist.gov/vuln/detail/CVE-2024-3289