CVE-2021-20099 — MEDIUM (6.7)

Q: How severe is CVE-2021-20099?

CVE-2021-20099 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-20099?

Check the references section above for vendor advisories and patch information. Affected products include: Tenable Nessus, Microsoft Windows.

Vulnerability Description

Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Tenable	Nessus	<= 8.2.4
Microsoft	Windows	-

References

https://www.tenable.com/security/tns-2021-12Vendor Advisory
https://www.tenable.com/security/tns-2021-12Vendor Advisory

FAQ

What is CVE-2021-20099?

CVE-2021-20099 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows exe...

How severe is CVE-2021-20099?

CVE-2021-20099 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-20099?

Check the references section above for vendor advisories and patch information. Affected products include: Tenable Nessus, Microsoft Windows.