CVE-2022-3499 is a vulnerability identified in Tenable Nessus versions 10.3.1 and earlier, involving improper access control related to the use of identical agent and cluster node linking keys. Nessus is a widely used vulnerability scanning tool that employs agents deployed on endpoints and cluster nodes to perform distributed scanning and data collection. The vulnerability arises because the same linking keys are used for both agents and cluster nodes, which can be exploited by an authenticated attacker with at least low privileges (PR:L) to access agent logs and data that should be restricted. This improper access control flaw (classified under CWE-532, which relates to exposure of information through improper access control) can lead to unauthorized disclosure of sensitive information contained in agent logs, potentially revealing details about the scanned environment, vulnerabilities, or internal network structure. The CVSS v3.1 base score is 6.5 (medium severity), reflecting a network attack vector (AV:N), low attack complexity (AC:L), requiring privileges (PR:L) but no user interaction (UI:N), with a high impact on confidentiality (C:H) but no impact on integrity or availability. No known exploits are reported in the wild as of the publication date. The vulnerability does not affect the integrity or availability of the system but poses a significant confidentiality risk, especially in environments where sensitive data is scanned and logged. Since Nessus is a critical tool for vulnerability management, unauthorized access to its logs could aid attackers in reconnaissance or lateral movement within a network.

For European organizations, this vulnerability poses a risk of unauthorized disclosure of sensitive security data collected by Nessus agents. Such data may include detailed information about network configurations, vulnerabilities, and system details that could be leveraged by attackers to plan further attacks. Organizations in sectors with strict data protection regulations, such as finance, healthcare, and critical infrastructure, could face compliance issues if sensitive information is leaked. The confidentiality breach could undermine trust in security operations and potentially expose internal security postures to adversaries. While the vulnerability requires authenticated access, insider threats or compromised credentials could enable exploitation. Given the widespread use of Nessus in Europe for vulnerability management, the risk is non-trivial, particularly for large enterprises and managed security service providers (MSSPs) who deploy agents across multiple client environments. The absence of known exploits reduces immediate risk but does not eliminate the potential for targeted attacks, especially in high-value environments.

To mitigate this vulnerability, European organizations should: 1) Upgrade Nessus installations to versions later than 10.3.1 where the vulnerability is patched or addressed by Tenable. 2) Review and restrict access controls to Nessus management consoles and agent linking keys to ensure only authorized personnel have access. 3) Implement strict credential management and monitoring to detect unauthorized access attempts, including multi-factor authentication (MFA) for Nessus user accounts. 4) Audit and rotate agent and cluster node linking keys regularly to minimize risk from compromised keys. 5) Monitor Nessus logs and network traffic for unusual access patterns that could indicate exploitation attempts. 6) Segregate Nessus agents and cluster nodes in network segments with limited access to reduce lateral movement risks. 7) Engage with Tenable support or security advisories for any additional patches or recommended configurations. These steps go beyond generic advice by focusing on key management, access restriction, and monitoring specific to the nature of this vulnerability.