CVE-2023-7317
CVE-2023-7317
9.4
CriticalPublished:
Last updated:
Source:disclosure@vulncheck.com
Analyzed
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Network
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- Low
- User Interaction
- None
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- High
- Availability (Vulnerable)
- High
- Confidentiality (Subsequent)
- High
- Integrity (Subsequent)
- High
- Availability (Subsequent)
- High
Description
Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privileged attacker could access or interact with the terminal interface without sufficient authorization, potentially allowing unauthorized command execution or disclosure of sensitive information.
References
disclosure@vulncheck.com
https://www.nagios.com/changelog/nagios-xi/disclosure@vulncheck.com
https://www.nagios.com/products/security/#nagios-xidisclosure@vulncheck.com
https://www.vulncheck.com/advisories/nagios-xi-web-ssh-terminal-missing-access-control