CVE-2022-28291

Name of the Vulnerable Software and Affected Versions Nessus Essentials and Professional (affected versions not specified)

Description The issue allows an authenticated user with debug privileges to retrieve stored Nessus policy credentials from the "nessusd" process in cleartext via process dumping. This could enable an attacker to access credentials stored in Nessus scanners, potentially compromising the customers' network of assets.

Recommendations For all versions of Nessus Essentials and Professional, consider restricting debug privileges to minimize the risk of exploitation. As a temporary workaround, limit access to the "nessusd" process to prevent unauthorized credential retrieval. At the moment, there is no information about a newer version that contains a fix for this vulnerability.