Summary
Nagios XI is prone to multiple cross-site request forgery (CSRF) vulnerabilities because the application fails to properly validate HTTP requests.
Successful exploitation requires that the 'nagiosadmin' user be logged in to the web interface.
Attackers can exploit these issues to gain unauthorized access to the affected application and perform certain administrative actions.
Nagios XI 2009R1.2B is vulnerable; other versions may also be affected.
Solution
Reportedly, these issues have been fixed in Nagios XI 2009R1.2C.
Please see the references for more information.
References
Updated on 2017-03-28
Severity
Classification
- CVSS Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)