CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
97.0%
Authentication bypass vulnerability in the core config manager in Nagios XI
5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to
make configuration changes and leverage an authenticated SQL injection
vulnerability.
Author | Note |
---|---|
mdeslaur | No indication that these issues also affect open-source Nagios 3.x. |
assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
gist.github.com/caleBot/f0a93b5a98574393e0139104eacc2d0f
launchpad.net/bugs/cve/CVE-2018-8733
nvd.nist.gov/vuln/detail/CVE-2018-8733
security-tracker.debian.org/tracker/CVE-2018-8733
www.cve.org/CVERecord?id=CVE-2018-8733
www.nagios.com/downloads/nagios-xi/change-log/
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
97.0%