Nagios XI < 2012R1.6 Multiple Vulnerabilities

Medium | Nessus Plugin ID 65604

Synopsis

The remote host has a web application affected by multiple vulnerabilities.

Description

According to the self-reported version of Nagios XI, the remote host is affected by multiple vulnerabilities. The alertcloud component is vulnerable to a cross-site scripting attack, and the autodiscovery module has a remote command execution vulnerability.

Solution

Upgrade to Nagios XI 2012R1.6.

See Also

http://www.nessus.org/u?2b85ff36

https://seclists.org/fulldisclosure/2013/Feb/10

https://assets.nagios.com/downloads/nagiosxi/CHANGES-2012.TXT

Plugin Details

Severity: Medium

ID: 65604

File Name: nagiosxi_2012r1_6.nasl

Version: 1.10

Type: remote

Family: CGI abuses

Published: 3/18/2013

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:nagios:nagios_xi

Required KB Items: www/nagios_xi

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/5/2013

Vulnerability Publication Date: 2/3/2013

Reference Information

BID: 57672

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990