CVE-2022-28291

Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an...

Tenable Network Security Nessus 安全漏洞

Tenable Network Security Nessus is an open source system vulnerability scanner from Tenable Network Security, USA. A security vulnerability exists in Tenable Network Security Nessus Professional version 10.1.1, which stems from the disclosure of critical information...

Potential RCE in Nessus 7 and attacks on Vulnerability Scanners

A few days ago I saw an interesting youtube video UPD. 14.05.18 Not available anymore in my Facebook feed. It is demonstrating the exploitation of the RCE vulnerability in Tenable Nessus Professional 7.0.3. Currently we have very few information about this vulnerability: only youtube video, which...

New Nessus 7 Professional and the end of cost-effective Vulnerability Management (as we knew it)

It's an epic and really sad news. When people asked me about the cost-effective solution for Vulnerability Management I usually answered: "Nessus Professional with some additional automation through Nessus API". With just a couple of Nessus Professional scanning nodes it was possible to scan all...