A series of security vulnerabilities has come to light in Nagios XI, a widely used network monitoring software. These vulnerabilities, tracked as CVE-2023-40931 through CVE-2023-40934, have raised concerns about potential privilege escalation and information disclosure within the affected software.
The impacted versions of Nagios XI are those up to and including version 5.11.1. These vulnerabilities were responsibly disclosed on August 4, 2023, and have since been addressed with the release of Nagios XI version 5.11.2, issued on September 11, 2023.
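A practical first step for defenders is to confirm whether an installed Nagios XI build is inside the affected range. The following script is an added example, not code from the article or from Nagios Enterprises; it assumes Nagios XI versions are dotted integer strings such as "5.11.1" and takes the affected/fixed boundaries (up to and including 5.11.1 affected, 5.11.2 fixed) from the text above. The sample version strings at the bottom are constructed for illustration. The comparison is numeric per component, which matters because a naive string comparison would rank "5.9.3" above "5.11.1".

```python
"""Classify a Nagios XI version string against the range affected by
CVE-2023-40931 through CVE-2023-40934 (<= 5.11.1 affected; fixed in 5.11.2).

Added example, not from the article or Nagios Enterprises. Assumption: Nagios
XI versions are dotted integer tuples like "5.11.1", optionally prefixed "v".
"""
from __future__ import annotations

import re
from typing import Dict, Tuple

LAST_AFFECTED = "5.11.1"   # highest affected release (inclusive), per the advisory
FIXED_VERSION = "5.11.2"   # release that addressed the four CVEs
CVE_IDS = (
    "CVE-2023-40931",
    "CVE-2023-40932",
    "CVE-2023-40933",
    "CVE-2023-40934",
)

# Accept "5.11.1", "v5.11.1", surrounding whitespace; reject anything else.
_VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)\s*$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '5.11.1' into (5, 11, 1).

    Raises ValueError on malformed input so that junk is never silently
    classified as patched.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def _pad(a: Tuple[int, ...], b: Tuple[int, ...]) -> Tuple[Tuple[int, ...], Tuple[int, ...]]:
    """Right-pad the shorter tuple with zeros so '5.11' compares as '5.11.0'."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def is_affected(version: str) -> bool:
    """True when the version is <= 5.11.1, i.e. it lacks the 5.11.2 fix."""
    v, last = _pad(parse_version(version), parse_version(LAST_AFFECTED))
    return v <= last


def assess(version: str) -> Dict[str, object]:
    """Return a small finding record suitable for an inventory report."""
    affected = is_affected(version)
    return {
        "version": version,
        "affected": affected,
        "cves": CVE_IDS if affected else (),
        "fixed_in": FIXED_VERSION,
    }


if __name__ == "__main__":
    # Constructed sample inventory: strings as they might appear in an asset list.
    for sample in ["5.9.3", "5.11.1", "5.11.2", "5.11.3", "v5.11.0", "5.11"]:
        print(assess(sample))
```

Any host reported as affected should be scheduled for the 5.11.2 (or later) upgrade; until then, restricting which accounts can reach the banner, custom logo and CCM escalation pages reduces exposure to the SQL injection and XSS issues described below.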
Astrid Tedenbrant, a researcher at Outpost24, described the nature of these vulnerabilities. Three of them (CVE-2023-40931, CVE-2023-40933, and CVE-2023-40934) allow users with varying privilege levels to perform SQL injection, gaining unauthorized access to database fields. This can lead to privilege escalation and the exposure of sensitive user data, including password hashes and API tokens.
On a separate note, CVE-2023-40932 pertains to a cross-site scripting (XSS) vulnerability within the Custom Logo component of Nagios XI. Exploiting this flaw could lead to the retrieval of sensitive data, including cleartext passwords, from the login page.
To provide a comprehensive overview, here’s a summary of the identified flaws:
- CVE-2023-40931 – SQL Injection flaw in Banner acknowledging endpoint.
- CVE-2023-40932 – Cross-Site Scripting flaw in Custom Logo Component.
- CVE-2023-40933 – SQL Injection flaw in Announcement Banner Settings.
- CVE-2023-40934 – SQL Injection flaw in Host/Service Escalation in the Core Configuration Manager (CCM).
It’s worth noting that this is not the first instance of security concerns surrounding Nagios XI. In 2021, Skylight Cyber and Claroty uncovered a range of vulnerabilities, totaling as many as two dozen, which could be exploited to compromise infrastructure and achieve remote code execution. These incidents underline the importance of regular security assessments and timely software updates to mitigate such risks effectively.