Oliver Brooks

Vulnerabilities identified in Nagios XI 5.11.1

CVE-2023-47401

Root RCE via Ansible Vault File Injection

Critical

CVE-2023-47400

Remote Code Execution Via Custom Includes

High

CVE-2023-47404

Authentication Not Required for SSH Terminal Functionality

High

CVE-2023-47408

Command Injection in Host Configuration Page

High

CVE-2023-47409

Host Pivot Via Insecure Migration Process Ansible Vault Credentials

Medium

CVE-2023-47410

Stored Cross Site Scripting Vulnerability in Admin’s User Management Page

Medium

CVE-2023-47411

Recursive Filesystem Deletion as Root Via Backup Script

Medium

CVE-2023-47412

Any Authenticated User Can Manipulate User and System Macros

Medium

CVE-2023-47413

Unintended Files Can Be Edited By Graph Editor Page

Medium

CVE-2023-47414

Local Privilege Escalation via rsyslog abuse

Medium

CVE-2023-47407

Sensitive Credentials Stored in Plaintext World Readable Files

Low

CVE-2023-47406

Portscanning Via Scheduled Backups

Low

CVE-2023-47405

Weak Default MySQL Credentials

Low

CVE-2023-47403

Missing Objects Page Lacks Authorization Controls

Low

CVE-2023-47402

Plaintext Storage of NRDP and NSCA Tokens

Low

CVE-2023-47399

Nagios XI Database User Can Delete From Audit Log

Low

