Nagios.XI.Unauthorized.API.Key.Regeneration.Privilege.Elevation
Description
This indicates an attack attempt to exploit a Privilege Elevation vulnerability in Nagios XI.
The vulnerability is due to the application's failure to properly sanitize user input before using it in an API key regeneration. As a result, a remote attacker can send a crafted request to execute API calls at elevated privileges.
Affected Products
Nagios XI version 5.5.6
Impact
Privilege Escalation: Remote attackers can leverage their privileges on vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.nagios.com/downloads/nagios-xi/change-log/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-06-06 | 14.627 | Severity:medium:high |
2019-01-02 | 13.516 | Default_action:pass:drop |
2018-11-30 | 13.501 |