CVE-2022-28291 is a vulnerability classified under CWE-522 (Insufficiently Protected Credentials) affecting Nessus Essentials and Professional, specifically version 10.1.1. The issue arises because an authenticated user with debug privileges can extract stored Nessus policy credentials in cleartext by performing a process dump of the "nessusd" process. Nessus is a widely used vulnerability scanner that stores credentials to perform authenticated scans on network assets. The vulnerability allows an attacker who has already gained authenticated access with debug privileges to escalate their access by retrieving sensitive credentials stored within the scanner. These credentials could then be used to compromise other systems within the customer’s network, potentially leading to lateral movement, data exfiltration, or further exploitation. The vulnerability does not require user interaction but does require the attacker to have authenticated debug-level access, which limits the initial attack surface. The CVSS v3.1 score is 6.5 (medium severity), reflecting the network attack vector, low attack complexity, and the requirement for privileges but no user interaction. The impact is primarily on confidentiality, as credentials are exposed in cleartext, but integrity and availability are not directly affected. No known exploits in the wild have been reported, and no patches are explicitly linked in the provided information, indicating that remediation may require vendor updates or configuration changes to restrict debug access.

For European organizations, this vulnerability poses a significant risk to the confidentiality of credentials stored within Nessus scanners. Since Nessus is commonly used by enterprises and managed security service providers (MSSPs) across Europe for vulnerability management, exploitation could lead to unauthorized access to critical network assets. Compromise of credentials stored in Nessus can facilitate lateral movement within corporate networks, enabling attackers to escalate privileges or access sensitive data. This is particularly concerning for organizations in regulated sectors such as finance, healthcare, and critical infrastructure, where data protection is paramount under GDPR and other regulations. The requirement for debug privileges means that the threat is more relevant in environments where internal users or attackers have gained some level of authenticated access, highlighting the importance of internal access controls. The exposure of credentials in cleartext also increases the risk of insider threats or attackers leveraging stolen credentials for further attacks. While no direct impact on system availability or integrity is noted, the breach of credential confidentiality can have cascading effects on overall network security posture.

To mitigate this vulnerability, European organizations should take the following specific actions: 1) Immediately review and restrict debug privileges within Nessus to only the most trusted administrators, minimizing the number of users who can perform process dumps. 2) Implement strict access controls and monitoring on Nessus management interfaces and underlying hosts to detect and prevent unauthorized access or privilege escalation. 3) If possible, upgrade Nessus to a version where this vulnerability is patched; if no patch is available, contact Tenable support for guidance or apply recommended configuration changes to protect stored credentials. 4) Employ host-based security controls such as process access restrictions and memory protection to prevent unauthorized dumping of the nessusd process. 5) Regularly audit stored credentials within Nessus policies and rotate them frequently to limit the window of exposure. 6) Monitor logs for suspicious activity related to debug access or credential retrieval attempts. 7) Educate administrators about the risks of granting debug privileges and enforce the principle of least privilege. These steps go beyond generic advice by focusing on privilege restriction, credential hygiene, and host-level protections specific to the nature of this vulnerability.