CVE-2023-7317

Summary

Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privileged attacker could access or interact with the terminal interface without sufficient authorization, potentially allowing unauthorized command execution or disclosure of sensitive information.

Affected Software

VendorProductVersion RangeStatus
NagiosXI0 < 2024R1affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

Workarounds

Disable the web SSH terminal.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References