CVE-2024-3291
📋 TL;DR
This vulnerability allows local privilege escalation on Windows systems when Nessus Agent is installed to a non-default directory. Attackers could exploit insecure permissions on sub-directories to gain elevated privileges. It only affects users who installed Nessus Agent outside the default location.
💻 Affected Systems
- Tenable Nessus Agent
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains SYSTEM/administrator privileges on the Windows host, enabling complete system compromise, credential theft, and lateral movement.
Likely Case
Local authenticated user escalates privileges to install malware, access sensitive data, or modify system configurations.
If Mitigated
No impact if Nessus Agent is installed to the default directory or if proper directory permissions are enforced.
🎯 Exploit Status
Requires local access to the Windows system and knowledge of the non-default installation path.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 10.6.4
Vendor Advisory: https://www.tenable.com/security/tns-2024-09
Restart Required: Yes
Instructions:
1. Download Nessus Agent 10.6.4 or later from Tenable.
2. Run the installer to upgrade the existing installation.
3. Restart the system or the Nessus Agent service.
🔧 Temporary Workarounds
Secure directory permissions
Windows: Manually set secure permissions on the non-default installation directory and all sub-directories.
icacls "C:\Path\To\NessusAgent" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F" "Users:(OI)(CI)RX"
Reinstall to default location
Windows: Uninstall from the non-default location and reinstall to the default Program Files directory.
🧯 If You Can't Patch
- Audit all Nessus Agent installations for non-default locations and secure directory permissions
- Implement least privilege access controls and monitor for privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check the Nessus Agent version (vulnerable if earlier than 10.6.4) and verify whether the installation path is non-default.
Check Version:
Get-ItemProperty HKLM:\Software\Tenable\NessusAgent\CurrentVersion | Select-Object Version
Verify Fix Applied:
Confirm version is 10.6.4 or later and check directory permissions on installation path
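The audit and verification steps above can be scripted. The following PowerShell is an added example, not code from Tenable or from the original page: it reads the version from the registry key shown above and lists allow ACEs on the install directory and its sub-directories that grant write-type rights to any principal other than SYSTEM, Administrators or TrustedInstaller. The `$InstallPath` value is a placeholder, and the trusted-principal list and the write-rights mask are assumptions to adjust for your environment.

```powershell
# Added example (not Tenable's code): audit a Nessus Agent install directory.
param(
    # Placeholder path, as in the workaround above; replace with the real location.
    [string]$InstallPath = 'C:\Path\To\NessusAgent'
)

# Principals allowed to hold write access (assumption): SYSTEM, Administrators, TrustedInstaller.
$TrustedSids = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

# Rights that let a principal plant or replace files, plus GENERIC_WRITE and GENERIC_ALL.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x40000000 -bor 0x10000000

function Get-WeakDirectoryAce {
    param([Parameter(Mandatory)][string]$Root)
    # The root itself plus every sub-directory beneath it.
    $dirs = @(Get-Item -LiteralPath $Root) +
            @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($dir in $dirs) {
        foreach ($ace in (Get-Acl -LiteralPath $dir.FullName).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (-not ([int]$ace.FileSystemRights -band $WriteMask)) { continue }
            # Compare by SID so the check does not depend on localized group names.
            try   { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
            catch { $sid = $ace.IdentityReference.Value }   # unresolvable account: report as-is
            if ($TrustedSids -notcontains $sid) {
                [pscustomobject]@{
                    Path      = $dir.FullName
                    Identity  = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Version from the registry key given under "Check Version".
$reg = Get-ItemProperty 'HKLM:\Software\Tenable\NessusAgent\CurrentVersion' -ErrorAction SilentlyContinue
if ($reg.Version) { "Agent version: $($reg.Version) (fixed in 10.6.4)" }

# Only installs outside Program Files are in scope for this CVE.
$nonDefault = -not $InstallPath.StartsWith($env:ProgramFiles, [System.StringComparison]::OrdinalIgnoreCase)
"Non-default install path: $nonDefault"

Get-WeakDirectoryAce -Root $InstallPath | Format-Table -AutoSize -Wrap
```

An empty table means no directory under the path grants write-type rights outside the trusted list; any row returned is a directory to re-permission with the `icacls` workaround or to remove by reinstalling to the default location.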
📡 Detection & Monitoring
Log Indicators:
- Windows Security logs showing privilege escalation attempts
- Nessus Agent logs showing access to non-default directories
Network Indicators:
- Unusual Nessus Agent communication patterns post-exploitation
SIEM Query:
EventID=4672 AND ProcessName LIKE '%nessus%' AND SubjectUserName!=SYSTEM