Vulnerabilities > CVE-2022-29271 - Incorrect Authorization vulnerability in Nagios XI
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
- https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
- https://github.com/4LPH4-NL/CVEs
- https://github.com/4LPH4-NL/CVEs
- https://github.com/sT0wn-nl/CVEs/blob/master/README.md#nagios-xi
- https://github.com/sT0wn-nl/CVEs/blob/master/README.md#nagios-xi
- https://www.nagios.com/downloads/nagios-xi/change-log/
- https://www.nagios.com/downloads/nagios-xi/change-log/