Vulnerability Description
Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tenable | Nessus Agent | >= 7.2.0, < 8.2.3 |
References
- https://www.tenable.com/security/tns-2021-04-0PatchVendor Advisory
- https://www.tenable.com/security/tns-2021-04-0PatchVendor Advisory
- https://www.tenable.com/security/tns-2021-07Not ApplicableVendor Advisory
- https://www.tenable.com/security/tns-2021-04-0PatchVendor Advisory
- https://www.tenable.com/security/tns-2021-04-0PatchVendor Advisory
- https://www.tenable.com/security/tns-2021-07Not ApplicableVendor Advisory
FAQ
What is CVE-2021-20077?
CVE-2021-20077 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 i...
How severe is CVE-2021-20077?
CVE-2021-20077 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-20077?
Check the references section above for vendor advisories and patch information. Affected products include: Tenable Nessus Agent.