Lucene search

[email protected]NVD:CVE-2023-40933

HistorySep 19, 2023 - 11:15 p.m.

CVE-2023-40933

2023-09-1923:15:10

CWE-89

[email protected]

web.nvd.nist.gov

cve-2023-40933

nagios xi

sql injection

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.003

Percentile

70.6%

JSON

A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.

Affected configurations

Nvd

Node

nagiosnagios_xiRange<5.11.2

VendorProductVersionCPE
nagiosnagios_xi*cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nagios	nagios_xi	*	cpe:2.3:a:nagios:nagios_xi::::::::

References

nagios.com

outpost24.com/blog/nagios-xi-vulnerabilities/

www.nagios.com/products/security/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.003

Percentile

70.6%

JSON

Related for NVD:CVE-2023-40933

prion1 vulnrichment1 cve1 cvelist1 nessus1 thn1 hivepro1