CVE-2022-33757: Broken Access Control in Tenable, Inc. Tenable Nessus
An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance.
AI Analysis
Technical Summary
CVE-2022-33757 is a medium-severity vulnerability affecting Tenable, Inc.'s Nessus vulnerability scanner. The flaw is classified as Broken Access Control (CWE-284) and allows an authenticated attacker with limited privileges to access debug log file attachments through the Nessus web user interface without having the necessary permissions. These debug logs may contain sensitive information about the scan targets and details of the Nessus scans themselves. Since the vulnerability requires authentication but no elevated privileges beyond basic user access, it could be exploited by any user who can log into the Nessus instance. The vulnerability does not require user interaction beyond authentication and can be exploited remotely over the network (AV:N). The attack complexity is low (AC:L), and the impact is primarily on confidentiality (C:H), with no impact on integrity or availability. The scope remains unchanged (S:U), meaning the vulnerability affects only the Nessus instance and does not extend to other components or systems. No known exploits are reported in the wild, and no official patches are linked in the provided data, though the issue was published in October 2022. The vulnerability could lead to unauthorized disclosure of sensitive scan data, potentially exposing network configurations, vulnerabilities, or other internal details to unauthorized users who have access to the Nessus web interface but should not have access to debug logs.
Potential Impact
For European organizations using Tenable Nessus, this vulnerability poses a risk of sensitive information leakage. Nessus is widely used for vulnerability management and security assessments, often containing detailed information about internal network assets, vulnerabilities, and configurations. Unauthorized access to debug logs could reveal scan results and target details, which attackers or insider threats could leverage to plan further attacks or gain deeper insight into the organization's security posture. This risk is particularly critical for sectors with stringent data protection requirements such as finance, healthcare, and critical infrastructure in Europe. Disclosure of scan data could also violate compliance requirements under regulations like GDPR if personal or sensitive data is indirectly exposed. Although exploitation requires authentication, the risk remains significant if user accounts are compromised or if lower-privileged users are granted access to the Nessus interface. The lack of impact on integrity and availability reduces the risk of direct system disruption but does not diminish the confidentiality concerns.
Mitigation Recommendations
European organizations should take the following specific steps to mitigate this vulnerability:
1) Immediately review and restrict user access to the Nessus web interface, ensuring that only trusted and necessary personnel have authenticated access.
2) Implement strict role-based access controls (RBAC) within Nessus to limit user privileges and prevent access to debug logs unless explicitly required.
3) Monitor Nessus user activity logs for unusual access patterns or attempts to access debug logs.
4) If possible, isolate the Nessus server within a secure network segment with limited exposure to reduce the attack surface.
5) Regularly update Nessus to the latest available version and monitor Tenable advisories for patches addressing this vulnerability.
6) Consider additional network-level controls such as web application firewalls (WAFs) to detect and block unauthorized access attempts.
7) Conduct internal audits to verify that debug logs do not contain unnecessarily sensitive information and consider sanitizing logs if feasible.
8) Educate Nessus users on the importance of credential security to prevent unauthorized authentication.
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: tenable
- Date Reserved: 2022-06-15T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d981bc4522896dcbd98be
Added to database: 5/21/2025, 9:08:43 AM
Last enriched: 7/5/2025, 1:56:13 PM
Last updated: 8/16/2025, 11:53:48 PM