Vulnerability Details CVE-2021-20077
Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.4%
CVSS Severity
CVSS v3 Score 6.7
CVSS v2 Score 7.2
References
Products affected by CVE-2021-20077
-
cpe:2.3:a:tenable:nessus_agent:7.2.0
-
cpe:2.3:a:tenable:nessus_agent:7.2.1
-
cpe:2.3:a:tenable:nessus_agent:7.3.0
-
cpe:2.3:a:tenable:nessus_agent:7.3.1
-
cpe:2.3:a:tenable:nessus_agent:7.3.2
-
cpe:2.3:a:tenable:nessus_agent:7.4.0
-
cpe:2.3:a:tenable:nessus_agent:7.4.1
-
cpe:2.3:a:tenable:nessus_agent:7.4.2
-
cpe:2.3:a:tenable:nessus_agent:7.4.3
-
cpe:2.3:a:tenable:nessus_agent:7.5.0
-
cpe:2.3:a:tenable:nessus_agent:7.5.1
-
cpe:2.3:a:tenable:nessus_agent:7.6.0
-
cpe:2.3:a:tenable:nessus_agent:7.6.1
-
cpe:2.3:a:tenable:nessus_agent:7.6.2
-
cpe:2.3:a:tenable:nessus_agent:7.6.3
-
cpe:2.3:a:tenable:nessus_agent:7.7.0
-
cpe:2.3:a:tenable:nessus_agent:8.0.0
-
cpe:2.3:a:tenable:nessus_agent:8.1.0
-
cpe:2.3:a:tenable:nessus_agent:8.1.1
-
cpe:2.3:a:tenable:nessus_agent:8.2.0
-
cpe:2.3:a:tenable:nessus_agent:8.2.1
-
cpe:2.3:a:tenable:nessus_agent:8.2.2