CVE-2024-3289
📋 TL;DR
This vulnerability allows local privilege escalation on Windows systems where Nessus is installed to a non-default directory. Attackers could exploit insecure permissions on sub-directories to gain elevated privileges. It only affects Nessus installations on Windows with custom installation paths.
💻 Affected Systems
- Tenable Nessus
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains SYSTEM-level privileges on the Windows host, enabling complete system compromise, data theft, and persistence establishment.
Likely Case
Local user with limited privileges escalates to administrator rights, potentially accessing sensitive Nessus scan data and system resources.
If Mitigated
No impact if Nessus is installed to the default directory or proper directory permissions are enforced.
🎯 Exploit Status
Requires local access to the Windows system and knowledge of the non-default installation path.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 10.7.3
Vendor Advisory: https://www.tenable.com/security/tns-2024-08
Restart Required: Yes
Instructions:
1. Download Nessus 10.7.3 or later from Tenable.
2. Run the installer.
3. Restart the Nessus service.
4. Verify the update completed successfully.
🔧 Temporary Workarounds
Secure Directory Permissions
Windows: Manually set secure permissions on the Nessus installation directory and sub-directories
icacls "C:\Path\To\Nessus" /inheritance:r /grant "SYSTEM:(OI)(CI)F" /grant "Administrators:(OI)(CI)F" /grant "Users:(OI)(CI)RX"
Reinstall to Default Location
Windows: Uninstall Nessus and reinstall to the default directory (C:\Program Files\Tenable\Nessus)
🧯 If You Can't Patch
- Move Nessus installation to default directory (C:\Program Files\Tenable\Nessus)
- Apply strict ACL permissions to the custom installation directory, removing write access for non-administrative users
🔍 How to Verify
Check if Vulnerable:
Check the Nessus version via the web interface (Settings > About) or the command line: "C:\Program Files\Tenable\Nessus\nessuscli.exe" --version (adjust the path to match your installation directory). If the version is earlier than 10.7.3 AND Nessus is installed to a non-default directory, the system is vulnerable.
Check Version:
"C:\Program Files\Tenable\Nessus\nessuscli.exe" --version
Verify Fix Applied:
Confirm version is 10.7.3 or higher via web interface or command line. Verify directory permissions are secure.
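To check the directory permissions mentioned above, the following PowerShell audit (an added example, not Tenable's code or part of the original page) lists every allow ACE under the install tree that gives write-type rights to a principal other than SYSTEM, Administrators or TrustedInstaller. `$NessusPath` is a placeholder for your custom installation directory, and the trusted-SID list is an assumption to adjust for your environment.

```powershell
# Added example: audit a Nessus install tree for ACEs that let non-admin principals write.
# $NessusPath is a placeholder; pass the real custom installation directory.
param([string]$NessusPath = 'C:\Path\To\Nessus')

# SIDs expected to hold write access (assumption; SIDs are language-independent, unlike names).
$trustedSids = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow changing content, deleting, or rewriting the ACL/owner.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]`
    'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE | GENERIC_ALL, which can appear as raw bits in inherit-only ACEs.
$genericMask = 0x50000000

# The root directory plus every sub-directory beneath it.
$dirs = @($NessusPath) + @(
    Get-ChildItem -LiteralPath $NessusPath -Directory -Recurse -Force -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty FullName)

$findings = foreach ($dir in $dirs) {
    $acl = Get-Acl -LiteralPath $dir
    # Ask for explicit and inherited rules, with identities returned as SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($trustedSids -contains $rule.IdentityReference.Value) { continue }
        $rights = [int]$rule.FileSystemRights
        if (($rights -band $writeMask) -or ($rights -band $genericMask)) {
            [pscustomobject]@{
                Path      = $dir
                Sid       = $rule.IdentityReference.Value
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

if ($findings) {
    $findings | Sort-Object Path, Sid | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No write-capable ACEs for non-administrative principals under $NessusPath"
}
```

Run it from an elevated prompt so that every sub-directory's ACL is readable. Each row it prints is an entry to review against the workaround permissions listed under Temporary Workarounds.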
📡 Detection & Monitoring
Log Indicators:
- Unusual privilege escalation attempts in Windows Security logs (Event ID 4672, 4688)
- Unauthorized access attempts to Nessus directories
Network Indicators:
- None - this is a local exploit
SIEM Query:
EventID=4672 OR EventID=4688 | where ProcessName contains "nessus" OR CommandLine contains "nessus"