CVE-2024-3290: 
Tenable Nessus vulnerability analysis and mitigation

CVE-2024-3290 is a race condition vulnerability discovered in Nessus versions prior to 10.7.3. The vulnerability affects Windows Nessus hosts where an authenticated, local attacker could modify installation parameters at installation time (Tenable Advisory). The vulnerability was reported to Tenable on March 24, 2024, confirmed as valid on March 28, 2024, and was patched with the release of Nessus 10.7.3 on May 16, 2024 (NVD).

The vulnerability is classified as a Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367). It has been assigned a CVSS v3.1 base score of 8.2 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H, indicating local access requirements with low attack complexity, requiring low privileges and user interaction (Tenable Advisory).

If successfully exploited, this vulnerability could lead to the execution of arbitrary code on the Nessus host with elevated privileges. The high CVSS score reflects the potential for complete compromise of confidentiality, integrity, and availability of the affected system (NVD, Tenable Advisory).

Tenable has addressed this vulnerability by releasing Nessus version 10.7.3. Users are advised to upgrade to this version to mitigate the risk. The installation files can be obtained from the Tenable Downloads Portal (Tenable Advisory).