{"api_version":"1","generated_at":"2026-04-23T01:19:06+00:00","cve":"CVE-2021-20099","urls":{"html":"https://cve.report/CVE-2021-20099","api":"https://cve.report/api/cve/CVE-2021-20099.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-20099","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-20099"},"summary":{"title":"CVE-2021-20099","description":"Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100.","state":"PUBLIC","assigner":"vulnreport@tenable.com","published_at":"2021-06-28 11:15:00","updated_at":"2022-07-12 17:42:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.tenable.com/security/tns-2021-12","name":"https://www.tenable.com/security/tns-2021-12","refsource":"MISC","tags":[],"title":"[R1] Nessus Agent 8.2.5 Fixes Multiple Vulnerabilities - Security Advisory | Tenable®","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-20099","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20099","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"20099","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20099","vulnerable":"1","versionEndIncluding":"8.2.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tenable","cpe5":"nessus","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-20099","qid":"375654","title":"Tenable Nessus Multiple Vulnerabilities (TNS-2021-11)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-20099","ASSIGNER":"vulnreport@tenable.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Nessus Agent","version":{"version_data":[{"version_value":"Nessus Agent 8.2.4 and earlier"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Local Privilege Escalation"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.tenable.com/security/tns-2021-12","url":"https://www.tenable.com/security/tns-2021-12"}]},"description":{"description_data":[{"lang":"eng","value":"Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100."}]}},"nvd":{"publishedDate":"2021-06-28 11:15:00","lastModifiedDate":"2022-07-12 17:42:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*","versionEndIncluding":"8.2.4","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"20099","Ordinal":"194088","Title":"CVE-2021-20099","CVE":"CVE-2021-20099","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"20099","Ordinal":"1","NoteData":"Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"20099","Ordinal":"2","NoteData":"2021-06-28","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"20099","Ordinal":"3","NoteData":"2021-06-28","Type":"Other","Title":"Modified"}]}}}