CVE-2021-20077

Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token.

Published: Mar 19, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-20077
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
tenable / nessus_agent	7.2.0	8.2.3

https://www.tenable.com/security/tns-2021-04-0
https://www.tenable.com/security/tns-2021-07

Vulnerability Database

289,599

CVE-2021-20077