CVE-2022-28291

Vendor N/A
Product Nessus Professional
Weakness CWE-522 · Insufficiently protected credentials
Published October 17, 2022
Last update May 13, 2025

What the vulnerability does

01 Description

Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers’ network of assets.

Key dates

02 Disclosure timeline

October 17, 2022 CVE published
May 13, 2025 Record updated