CVE-2022-28291

CVSS 6.5 MEDIUMEPSS 0.6%CWE-522

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6.5EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

17 out 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers’ network of assets.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Produtos afetados

n/a · Nessus Professional

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://cybersecurityworks.com/blog/zero-days/csw-expert-discovers-a-zero-day-vulnerability-in-tenables-nessus-scanner.html