Cybersecurity specialists reported the finding of a severe vulnerability in Tenable Nessus, the popular vulnerability scanning program for various operating systems. Successful exploitation of this vulnerability would allow threat actors to obtain confidential information from the target system.
Below is a brief description of the reported failure, in addition to its identification key and score according to the Common Vulnerability Scoring System (CVSS).
CVE-2020-5774: A session expiration insufficiency issue allows threat actors to obtain or guess the session token, gaining unauthorized access to the session from other users, potentially exposing sensitive information.
This is a low severity failure that received a score of 3.7/10.
The versions of Tenable Nessus affected by this failure are: 8.0.0, 8.0.1, 8.1.0, 8.1.1, 8.1.2, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.3.0, 8.3.2, 8.4.0, 8.5.0, 8.5.1, 8.5.2, 8.6.0, 8.7.0, 8.7.1, 8.7.2, 8 8.0, 8.9.0, 8.9.1, 8.10.0, 8.10.1, 8.11.0.
Experts mention that this failure can be exploited remotely by actors of unauthenticated threats over LAN, although no attempts at active exploitation have been reported. Updates are now available, so users of affected deployments are advised to patch shortly.
He is a cyber security and malware researcher. He studied Computer Science at Miami and started working as a cyber security analyst in 2008. He is actively working as an cyber security investigator. He also worked for security companies like Cisco. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.