Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2848

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2014-2848
Last Modified 14 Apr 2014 11:21:17
Published 11 Apr 2014 11:55:22
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2848

Summary

A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with a Trojan horse program.

Vulnerable Systems

Application

  • Tenable Nessus 5.2.1

  • Tenable Plugin-set 201402092115


References

MISC - https://www.nccgroup.com/en/learning-and-research-centre/technical-advisories/nessus-authenticated-scan-local-privilege-escalation/

CONFIRM - https://discussions.nessus.org/thread/7195

SECTRACK - 1029946

SECUNIA - 57403


Last Updated: 27 May 2016 11:04:56