Insufficiently Protected Credentials in Tenable's Nessus Scanner
CVE-2022-28291

6.5MEDIUM

Key Information:

Vendor: Tenable
Status: Nessus Professional
Vendor: CVE Published:; 17 October 2022

What is CVE-2022-28291?

An authenticated user with debug privileges in Tenable's Nessus can exploit the vulnerability to extract stored policy credentials from the 'nessusd' process in cleartext through process dumping. This exposure could allow unauthorized access to sensitive credentials, potentially compromising the security of connected networks and assets.

Affected Version(s)

Nessus Professional Version 10.1.1

References

https://cybersecurityworks.com/blog/zero-days/csw-expert-...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2022
Vulnerability Reserved
Mar 31, 2022