CVE-2024-9158 in Nessus Network Monitor
Summary
by MITRE • 09/30/2024
A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 03/09/2025
The vulnerability identified as CVE-2024-9158 represents a critical stored cross site scripting flaw within Nessus Network Monitor, a network monitoring and vulnerability assessment tool developed by Tenable. This security weakness specifically affects the web user interface component of the application, creating a pathway for malicious actors to execute arbitrary code within the context of the victim's browser. The vulnerability requires an attacker to possess valid authentication credentials and privileged local access to the system, making it a local privilege escalation issue rather than a remote attack vector.
The technical flaw manifests through the improper sanitization of user input within the Network Monitor's command line interface functionality. When authenticated users execute commands through the local CLI, the system fails to adequately validate or escape the input before rendering it within the web-based user interface. This creates a persistent XSS vulnerability where malicious payloads can be stored and subsequently executed whenever the affected UI components are accessed. The CWE-079 weakness classification applies here, as the vulnerability involves improper neutralization of input during web page generation, allowing attackers to inject malicious scripts that execute in the context of other users.
The operational impact of this vulnerability extends beyond simple code execution, as it provides attackers with the ability to manipulate the web interface and potentially access sensitive network monitoring data. An attacker with local privileges could inject malicious scripts that redirect users to phishing sites, steal session cookies, or even escalate privileges further within the compromised system. The stored nature of the vulnerability means that once exploited, the malicious code persists until manually removed from the system, creating a long-term threat vector. This weakness directly aligns with ATT&CK technique T1566.001 for initial access through phishing and T1059.001 for command and scripting interpreter execution, as the vulnerability enables both persistent access and code execution.
Mitigation strategies for CVE-2024-9158 should focus on immediate patch application from Tenable, as the vendor has likely released a security update addressing the input validation issues within the NNM web interface. Organizations should also implement strict access controls and privilege separation to limit local administrative access to only essential personnel. Network segmentation and monitoring of CLI activities can help detect anomalous command execution patterns that might indicate exploitation attempts. Additionally, implementing web application firewalls and content security policies can provide additional layers of protection against XSS attacks. Regular security audits of network monitoring tools and maintaining updated threat intelligence on similar vulnerabilities in the Tenable product suite will help organizations maintain comprehensive defense against such threats.