CVE-2018-8733

Опубликовано: 18 апр. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Высокий

Описание

Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability.

Ссылки

https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
Release Notes
Vendor Advisory
https://blog.redactedsec.net/exploits/2018/04/26/nagios.html
Exploit
Technical Description
Third Party Advisory
https://gist.github.com/caleBot/f0a93b5a98574393e0139104eacc2d0f
Third Party Advisory
https://www.exploit-db.com/exploits/44560/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/44969/
Exploit
Third Party Advisory
VDB Entry
https://www.nagios.com/downloads/nagios-xi/change-log/
Release Notes
Vendor Advisory
https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
Release Notes
Vendor Advisory
https://blog.redactedsec.net/exploits/2018/04/26/nagios.html
Exploit
Technical Description
Third Party Advisory
https://gist.github.com/caleBot/f0a93b5a98574393e0139104eacc2d0f
Third Party Advisory
https://www.exploit-db.com/exploits/44560/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/44969/
Exploit
Third Party Advisory
VDB Entry
https://www.nagios.com/downloads/nagios-xi/change-log/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*

Версия от 5.2.0 (включая) до 5.4.13 (исключая)

EPSS

Процентиль: 99%

0.77102

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

CVE-2018-8733

CVSS3: 9.8

ubuntu

почти 8 лет назад

GHSA-gmp2-vm3x-mcpx

CVSS3: 9.8

github

больше 3 лет назад

EPSS

Процентиль: 99%

0.77102

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89