SB2017033103 - Multiple vulnerabilities in Nagios




Published: March 31, 2017 Updated: August 8, 2020

Security Bulletin ID: SB2017033103
Severity: High
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 50%, Low: 50%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Use of hard-coded credentials (CVE-ID: CVE-2016-0726)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.


2) Cross-site scripting (CVE-ID: CVE-2016-6209)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Cross-site scripting (XSS) vulnerability in Nagios.


Remediation

Install the update from the vendor's website.