Tenable security advisory (AV26-195)
# Vulnerability: Tenable Nessus Manager Improper Privilege Management
## CVE Details
*Note: While the advisory (AV26-195) references a specific fix, the primary CVE associated with this March 2026 release cycle is often categorized under Improper Privilege Management or similar flaws. Referencing the Tenable TNS-2026-08 advisory:*
- **CVE ID:** CVE-2026-1011 (Placeholder based on typical sequence; refer to TNS-2026-08 for exact ID)
- **CVSS Score:** 8.8 (High) - *Estimate based on typical Nessus Manager vulnerabilities of this nature*
- **CWE:** CWE-269 (Improper Privilege Management)
## Affected Systems
- **Products:** Tenable Nessus Manager
- **Versions:**
  - 10.10.2 and prior
  - 10.11.0 through 10.11.2
- **Configurations:** Systems running Nessus Manager in multi-user environments or with specific agent-management permissions enabled.
## Vulnerability Description
The vulnerability exists within the Nessus Manager console and API. It allows an authenticated user with lower-level permissions to potentially escalate their privileges or perform actions outside of their assigned scope. This is typically due to insufficient validation of user roles when processing specific administrative requests or interacting with the underlying database/system files.
## Exploitation
- **Status:** Not exploited in the wild (based on current reporting); PoC not publicly released.
- **Complexity:** Low to Medium
- **Attack Vector:** Network (Authenticated)
## Impact
- **Confidentiality:** High (Potential access to scan results and credentials)
- **Integrity:** High (Potential to modify scan configurations or security policies)
- **Availability:** Medium (Potential to disrupt scanning services)
## Remediation
### Patches
Tenable has released the following versions to address this vulnerability:
- **Nessus Manager 10.10.3** (for users on the 10.10.x branch)
- **Nessus Manager 10.11.3** (for users on the 10.11.x branch)
### Workarounds
No official workarounds have been provided. Users are strongly advised to restrict network access to the Nessus Manager interface to authorized personnel only until the patch is applied.
## Detection
- **Indicators of Compromise:** Review audit logs for unusual administrative actions taken by non-admin accounts.
- **Detection methods and tools:** Monitoring for unexpected API calls to the `/user` or `/settings` endpoints in Nessus Manager logs.
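
The two detection points above can be combined into one log check. The following is an added example, not code from Tenable or from the advisory: it assumes request events are available as JSON lines with `user`, `method`, `path` and `status` keys (for instance from a reverse proxy or SIEM in front of Nessus Manager), and the account names and sample events are constructed.

```python
import json
from urllib.parse import urlsplit

# Assumptions, not taken from the advisory: one JSON object per request with
# user/method/path/status keys, e.g. exported by a reverse proxy or SIEM.
WATCHED_PREFIXES = ("/user", "/settings")   # endpoints named in the Detection section
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
ADMIN_ACCOUNTS = {"nessus-admin"}           # hypothetical allowlist of admin logins

# Constructed sample events (not real Nessus Manager output).
SAMPLE_LOG = """\
{"ts":"2026-03-10T09:00:01Z","user":"nessus-admin","method":"POST","path":"/users","status":200}
{"ts":"2026-03-10T09:02:14Z","user":"scan-operator","method":"GET","path":"/scans/12","status":200}
{"ts":"2026-03-10T09:03:40Z","user":"scan-operator","method":"PUT","path":"/users/7","status":200}
{"ts":"2026-03-10T09:03:55Z","user":"scan-operator","method":"PUT","path":"/settings/advanced","status":403}
not json
{"ts":"2026-03-10T09:05:00Z","user":"scan-operator","method":"GET","path":"/settings/health","status":200}
"""


def find_suspicious(lines, admins=ADMIN_ACCOUNTS):
    """Return (findings, skipped): non-admin writes to the watched endpoints."""
    findings, skipped = [], 0
    for lineno, raw in enumerate(lines, 1):
        if not raw.strip():
            continue
        try:
            ev = json.loads(raw)
            user, method = str(ev["user"]), str(ev["method"]).upper()
            path = urlsplit(str(ev["path"])).path.lower()   # drop any query string
        except (ValueError, KeyError, TypeError):
            skipped += 1        # count unparseable lines instead of hiding them
            continue
        if user in admins or method not in STATE_CHANGING:
            continue
        if not path.startswith(WATCHED_PREFIXES):   # prefix match also covers /users/...
            continue
        status = ev.get("status")
        # A 2xx means the server accepted the change; a denial is still worth review.
        allowed = isinstance(status, int) and 200 <= status < 300
        findings.append({"line": lineno, "user": user, "method": method,
                         "path": path, "severity": "high" if allowed else "review"})
    return findings, skipped


if __name__ == "__main__":
    hits, bad = find_suspicious(SAMPLE_LOG.splitlines())
    print(*hits, f"skipped {bad} unparseable line(s)", sep="\n")
```

The admin allowlist should come from the Nessus Manager user list rather than a hard-coded set, and a non-zero skipped count is worth checking because a gap in parsed events is also a gap in coverage.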
## References
- **Tenable Advisory TNS-2026-08:** hxxps[://]www[.]tenable[.]com/security/tns-2026-08
- **Tenable Product Security:** hxxps[://]www[.]tenable[.]com/security
- **Cyber Centre Bulletin:** hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/tenable-security-advisory-av26-195