CVE-2022-29271

Опубликовано: 29 июн. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks.

Ссылки

https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
Release Notes
Vendor Advisory
https://github.com/4LPH4-NL/CVEs
Third Party Advisory
https://github.com/sT0wn-nl/CVEs/blob/master/README.md#nagios-xi
Third Party Advisory
https://www.nagios.com/downloads/nagios-xi/change-log/
Release Notes
Vendor Advisory
https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
Release Notes
Vendor Advisory
https://github.com/4LPH4-NL/CVEs
Third Party Advisory
https://github.com/sT0wn-nl/CVEs/blob/master/README.md#nagios-xi
Third Party Advisory
https://www.nagios.com/downloads/nagios-xi/change-log/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*

Версия до 5.8.5 (включая)

EPSS

Процентиль: 67%

0.00543

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-7r6c-w44p-vhc8