Yesterday (10th of May) Nagios (nagios.com/news/2018/05/security-vulnerability-upgrade-to-nagios-xi-5-4-13/) posted information about several vulnerabilities that have been found in Nagios. They can be chained, starting from an unauthenticated position, and lead to root access. Nagios users are urged to upgrade as soon as possible, especially if Nagios is publicly accessible.

The chain consists of the following steps:

* CVE-2018-8734 - SQL injection (unauthenticated)
* CVE-2018-8733 - authentication bypass
* CVE-2018-8735 - command injection (authenticated)
* CVE-2018-8736 - local privilege escalation

More detailed information can be found here: blog.redactedsec.net/exploits/2018/04/26/…

The upgrade is available here (OVA): assets.nagios.com/downloads/nagiosxi/5/ovf/…
Remco, ISC Handler
May 11th 2018