Main Vulnerability Database Vulnerabilities #VU31039

Improper access control in Nagios XI - CVE-2018-17148

Published: June 19, 2019 / Updated: July 17, 2020

Vulnerability identifier: #VU31039

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-17148

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: nagios.org

Affected software:
Nagios XI

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials.

How to mitigate CVE-2018-17148

Install update from vendor's website.

Sources

https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT

Improper access control in Nagios XI - CVE-2018-17148

Detailed vulnerability description

How to mitigate CVE-2018-17148

Sources

Please verify you're human