    Critical Security Flaws Exposed in Nagios XI Network Monitoring Software

    By justmattg | September 20, 2023

    Sep 20, 2023THNNetwork Security / Vulnerability

    Multiple security flaws have been disclosed in the Nagios XI network monitoring software that could result in privilege escalation and information disclosure.

    The four security vulnerabilities, tracked from CVE-2023-40931 through CVE-2023-40934, impact Nagios XI versions 5.11.1 and lower. Following responsible disclosure on August 4, 2023, they have been patched as of September 11, 2023, with the release of version 5.11.2.

    “Three of these vulnerabilities (CVE-2023-40931, CVE-2023-40933 and CVE-2023-40934) allow users, with various levels of privileges, to access database fields via SQL Injections,” Outpost24 researcher Astrid Tedenbrant said.

    “The data obtained from these vulnerabilities may be used to further escalate privileges in the product and obtain sensitive user data such as password hashes and API tokens.”

    CVE-2023-40932, on the other hand, relates to a cross-site scripting (XSS) flaw in the Custom Logo component that could be used to read sensitive data, including cleartext passwords from the login page.

    The flaws are listed below:

    • CVE-2023-40931 – SQL Injection in Banner acknowledging endpoint
    • CVE-2023-40932 – Cross-Site Scripting in Custom Logo Component
    • CVE-2023-40933 – SQL Injection in Announcement Banner Settings
    • CVE-2023-40934 – SQL Injection in Host/Service Escalation in the Core Configuration Manager (CCM)

    Successful exploitation of the three SQL injection vulnerabilities could permit an authenticated attacker to execute arbitrary SQL commands, while the XSS bug could be exploited to inject arbitrary JavaScript and read and modify page data.

    This is not the first time security issues have been uncovered in Nagios XI. In 2021, Skylight Cyber and Claroty discovered as many as two dozen flaws that could be abused to hijack the infrastructure and achieve remote code execution.
