exploitDog

CVE-2018-15711

Опубликовано: 14 нояб. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Средний

Описание

Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges.

Ссылки

https://www.tenable.com/security/research/tra-2018-37
Exploit
Third Party Advisory
https://www.tenable.com/security/research/tra-2018-37
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nagios:nagios_xi:5.5.6:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.31734

Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-w945-wc2v-qq8w

CVSS3: 8.8

github

больше 3 лет назад

Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges.

EPSS

Процентиль: 97%

0.31734

Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78