Main Vulnerability Database Vulnerabilities #VU31039

#VU31039 Improper access control in Nagios XI - CVE-2018-17148

Published: June 19, 2019 / Updated: July 17, 2020

Vulnerability identifier: #VU31039

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-17148

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Nagios XI

Software vendor:
nagios.org

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials.

Remediation

Install update from vendor's website.

External links

https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT

#VU31039 Improper access control in Nagios XI - CVE-2018-17148

Description

Remediation

External links

Please verify you're human