Potentially Dangerous PATH Variables

medium Nessus Plugin ID 172180

Synopsis

Potentially dangerous PATH variables are present in the PATH of the remote host.

Description

Potentially dangerous PATH variables are present in the PATH of the remote host, which could lead to privilege escalation by allowing non-administrator users to write files to the PATH directory.

This plugin fires on Unix when a directory in the PATH variable is world writable or if '.' (the current directory) is present in the PATH. This plugin also fires when the scan is paranoid and one of the following is true:

1) A directory in the PATH variable is not owned by root 2) A directory in the PATH variable has a group other than root and the group can write to the directory.

This plugin fires on Windows when paranoia is enabled and when a directory in the PATH variable is writable by one of the following unprivileged identity groups: BUILTIN\Users, NT AUTHORITY\Authenticated Users, anonymous, and everyone. It fires if one of these groups has full, write-only, modify, write owner, generic write, generic all, write data/add file, or write DAC permissions on the PATH directory

Solution

Ensure that directories listed here are in line with corporate policy.

Plugin Details

Severity: Medium

ID: 172180

File Name: dangerous_paths.nbin

Version: 1.134

Type: local

Agent: windows, macosx, unix

Family: General

Published: 3/7/2023

Updated: 12/18/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Score from an in depth analysis done by tenable

CVSS v2

Risk Factor: Medium

Base Score: 4.1

Vector: CVSS2#AV:L/AC:M/Au:S/C:P/I:P/A:P

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 5.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Vulnerability Information

Required KB Items: Host/PATH