CVE-2018-1141 in Nessus

Summary

by MITRE

When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location.

Analysis

by VulDB Data Team • 02/05/2021

The vulnerability described in CVE-2018-1141 represents a critical security flaw in Nessus network scanning software versions prior to 7.0.3. This issue stems from improper permission handling during installation processes, specifically when Nessus is deployed in non-default directory locations. The vulnerability falls under the category of insecure permission settings and can be classified as a weakness in access control mechanisms according to CWE-732. When users install Nessus outside of its standard installation paths, the software fails to properly enforce secure permissions on its subdirectories, creating potential attack vectors for local privilege escalation.

The technical flaw manifests when Nessus creates subdirectories during installation, particularly in custom locations where the software does not apply adequate file system permissions. This misconfiguration allows local users with lower privileges to potentially gain elevated access to the system. The vulnerability is particularly concerning because it violates the principle of least privilege, under which the software should enforce strict access controls on its own components. According to the ATT&CK framework, this weakness maps to privilege escalation techniques where adversaries exploit improper permissions to elevate their access level within the system.

The operational impact of this vulnerability extends beyond simple privilege escalation, as it can enable attackers to compromise the entire system or gain access to sensitive information stored within Nessus directories. Local users who have already established a foothold on the system can exploit this flaw to gain root or administrative privileges, potentially leading to complete system compromise. The vulnerability becomes more pronounced when considering that Nessus is commonly used in enterprise environments for security scanning, making it a valuable target for attackers seeking persistent access. Organizations using Nessus in non-standard installation paths are particularly at risk since the default installation behavior may not exhibit this issue.

Mitigation strategies for CVE-2018-1141 should focus on immediate remediation through software updates to Nessus version 7.0.3 or later, which addresses the improper permission handling. System administrators should also implement proper directory permissions for existing installations, ensuring that Nessus subdirectories are properly secured with restrictive access controls. The principle of least privilege should be enforced by verifying that only authorized users and processes have access to Nessus components. Additionally, organizations should conduct comprehensive audits of their Nessus installations to identify any non-default directory configurations that may be vulnerable. Regular monitoring and access control reviews should be implemented as part of ongoing security operations to prevent similar permission-related issues from emerging in other software components.
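The directory audit recommended above can be scripted. The following is an added example, not code from Tenable or VulDB; it assumes a POSIX host where permissions are mode bits (on hosts that use ACLs the same review is made against the ACL entries), and the function name and the trusted-owner list are hypothetical.

```python
import os
import stat
import sys


def audit_tree(root, trusted_uids=(0,)):
    """Return (path, mode, reasons) for every directory at or below root
    whose mode bits or owner should be reviewed (CWE-732 style findings)."""
    findings = []
    # followlinks=False: stay inside the install tree, never follow symlinks.
    for dirpath, _dirs, _files in os.walk(root, followlinks=False):
        st = os.lstat(dirpath)
        mode = stat.S_IMODE(st.st_mode)
        reasons = []
        if mode & stat.S_IWOTH:
            reasons.append("world-writable")
        if mode & stat.S_IWGRP:
            # Acceptable only if every member of the group is trusted.
            reasons.append("group-writable")
        if st.st_uid not in trusted_uids:
            reasons.append("owner uid %d is not trusted" % st.st_uid)
        if reasons:
            findings.append((dirpath, oct(mode), reasons))
    return findings


if __name__ == "__main__":
    # Usage: python3 audit_install_dirs.py <custom install root>
    if len(sys.argv) != 2:
        sys.exit("usage: audit_install_dirs.py <install root>")
    results = audit_tree(sys.argv[1])
    for path, mode, reasons in results:
        print("%s  %s  %s" % (mode, path, ", ".join(reasons)))
    # Non-zero exit lets a scheduled job or CI step alert on findings.
    sys.exit(1 if results else 0)
```

The parent directories of the install root need the same review, since the summary notes that the issue depends on whether the directories in the installation location were secured.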
