virus logo Intrusion Prevention

Nagios.Network.Analyzer.Create.CSRF

description-logoDescription

This indicates an attack attempt to exploit a Cross-site Request Forgery vulnerability in Nagios Network Analyzer.
The vulnerability is due to insufficient Cross-site Request Forgery protection on the user creation form. An unauthenticated remote attacker could entice an unauthenticated administrator to visit a maliciously crafted webpage to exploit this vulnerability and create a user with administrative privileges on the target server.

affected-products-logoAffected Products

Nagios Network Analyzer prior to 2.2.2

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the latest update from the vendor.
https://assets.nagios.com/downloads/nagios-network-analyzer/CHANGES.TXT

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

https://assets.nagios.com/downloads/nagios-network-analyzer/CHANGES.TXT http://seclists.org/bugtraq/2016/Aug/74
ID 42906
Created Sep 16, 2016
Updated Oct 03, 2016
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID
Default Action drop
Active
Affected OS All
Affected App Other