exploitDog

CVE-2022-28291

Опубликовано: 17 окт. 2022

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers’ network of assets.

Ссылки

https://cybersecurityworks.com/blog/zero-days/csw-expert-discovers-a-zero-day-vulnerability-in-tenables-nessus-scanner.html
Exploit
Third Party Advisory
https://cybersecurityworks.com/blog/zero-days/csw-expert-discovers-a-zero-day-vulnerability-in-tenables-nessus-scanner.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*

EPSS

Процентиль: 50%

0.00271

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-522

CWE-522

Связанные уязвимости

GHSA-m36f-j5wf-g85f

CVSS3: 6.5

github

больше 2 лет назад

Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers’ network of assets.

EPSS

Процентиль: 50%

0.00271

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-522

CWE-522