CVE-2022-4313
High
Published: 15 March 2023
Modified: 27 February 2025
KEV Added: —
Patch: —
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0076 (73.8th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2022-4313 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Tenable Nessus. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 26.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-51668
Vulnerability details
A vulnerability was reported in which an authenticated user of Tenable products who holds Scan Policy Configuration roles could, by modifying the scan variables, manipulate audit policy variables to execute arbitrary commands on credentialed scan targets.
- CWE(s): CWE-427 (Uncontrolled Search Path Element)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- tenable nessus: ≤ 10.4.2
- tenable plugin feed: ≤ 202212081952
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.