CVE-2014-2848
Severity CVSS v4.0:
Pending analysis
Type:
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
11/04/2014
Last modified:
12/04/2025
Description
A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with a Trojan horse program.
Impact
Base Score 2.0
6.90
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:tenable:nessus:5.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tenable:plugin-set:*:*:*:*:*:*:*:* | 201402092115 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/57403
- http://www.securitytracker.com/id/1029946
- https://discussions.nessus.org/thread/7195
- https://www.nccgroup.com/en/learning-and-research-centre/technical-advisories/nessus-authenticated-scan-local-privilege-escalation/
- http://secunia.com/advisories/57403
- http://www.securitytracker.com/id/1029946
- https://discussions.nessus.org/thread/7195
- https://www.nccgroup.com/en/learning-and-research-centre/technical-advisories/nessus-authenticated-scan-local-privilege-escalation/