Vulnerabilities in vulnerability scanner Nessus closed

Attacks on Nessus may be imminent. The developers have closed several vulnerabilities in various components.

Attackers can exploit eight vulnerabilities in the Nessus network and vulnerability scanner. In the worst case, they can provoke crashes or execute malicious code. A patched version is available for download.

According to a security advisory, the vulnerabilities affect third-party components (expat and libxml2) and Nessus itself. The most dangerous is a vulnerability in libxml2 (CVE-2024-40896, rated “critical”). If attackers successfully exploit it, they can, among other things, access information that should be isolated, change data or trigger denial-of-service (DoS) conditions.

The majority of the remaining vulnerabilities are classified as “high”. Among other things, they could allow attackers to execute malicious code.

Admins should install the patched Nessus version 10.8.4 as soon as possible. According to the developers, all previous versions are vulnerable.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.