Cybersecurity specialists reported the finding of at least five critical vulnerabilities in Nessus, a functional vulnerability scanning program on multiple operating systems developed by technology company Tenable. According to the report, successful exploitation of these flaws would allow threat actors to access sensitive information.

Below is a brief report on the flaws reported, in addition to their respective identification keys and scores established according to the Common Vulnerability Scoring System (CVSS).

CVE-2018-20843: Insufficient validation of user-provided XML input would allow remote threat actors to pass specially crafted XML to the affected application.

The flaw received a CVSS score of 6.7/10 and its successful exploitation would allow hackers to view the contents of confidential files and perform scans on the affected network.

CVE-2019-15903: A limit error while processing XML documents within the affected library would allow remote attackers to create a specially crafted XML file, pass it on to the affected application, and trigger an out-of-bounds read error.

This vulnerability received a score of 4.6/10 and its abuse would allow remote attackers to gain access to potentially sensitive information or deploy denial of service (DoS) attacks.

CVE-2019-16168: There is a division by zero error within whereLoopAddBtreeIndex in sqlite3.c related to incorrect input validation in the sqlite_stat1 sz field. Remote threat actors could pass specially crafted data to the vulnerable application to trigger the error and force the vulnerable application to crash.

The flaw received a CVSS score of 3.9/10 and its exploitation would allow the deployment of DoS attacks.

CVE-2021-20099: The affected application does not impose adequate security restrictions, allowing hackers to perform privilege escalation attacks.

The flaw received a score of 6.9/10.

CVE-2021-20100: The application does not properly enforce the relevant security restrictions, which could lead to privilege escalation scenarios. 

The vulnerability received a CVSS score of 6.8/10.

The five flaws reside in the following versions of Tenable Nessus: 8.0.0, 8.0.1, 8.1.0, 8.1.1, 8.1.2, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.3.0, 8.3.1, 8.3.2, 8.4.0, 8.5.0, 8.5.1, 8.5.2, 8.6.0, 8.7.0, 8.7.1, 8.7.2, 8.8.0, 8.9.0, 8.9.1, 8.10.0, 8.10.1, 8.11.0, 8.11.1, 8.12.0, 8.12.1, 8.13.0, 8.13.1, 8.13.2 and 8.14.0.

These flaws can be exploited remotely by unauthenticated hackers, however, cybersecurity experts have not detected exploit attempts in real scenarios or malware variants associated with these attacks.

The flaws have already been addressed, so Tenable recommends users of affected deployments update as soon as possible. To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.