Vulnerability CVE-2018-10553


Published: 2018-04-29   Modified: 2018-04-30

Description:
An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings.

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

Vendor: Nagios
Product: Nagios xi 
Version: 5.4.13;

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://code610.blogspot.com/2018/04/few-bugs-in-latest-nagios-xi-5413.html

Related CVE
CVE-2019-9204
SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands.
CVE-2019-9203
Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API.
CVE-2019-9202
Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues.
CVE-2019-9167
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
CVE-2019-9166
Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.
CVE-2019-9165
SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.
CVE-2019-9164
Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job.
CVE-2018-20172
An issue was discovered in Nagios XI before 5.5.8. The rss_url parameter of rss_dashlet/magpierss/scripts/magpie_slashbox.php is not filtered, resulting in an XSS vulnerability.

Copyright 2019, cxsecurity.com

 

Back to Top