virus logo Intrusion Prevention

Nagios.XI.CVE-2023-48085.command_test.php.Directory.Traversal

description-logoDescription

This indicates an attack attempt to exploit a Directory Traversal Vulnerability in Nagios Enterprises Nagios XI.
The vulnerability is due to improper validation of user data used in a file path in the "command_test.php" script. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary command execution under the security context of the user running the vulnerable server.

affected-products-logoAffected Products

Nagios Enterprises Nagios XI prior to 5.11.3

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.nagios.com/products/security/#:~:text=2024R1.0.1%20or%20above.-,XI%205.11,-CVE

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2024-04-01 27.758 Default_action:pass:drop
2024-03-19 27.751
ID 54907
Created Mar 11, 2024
Updated Mar 19, 2024
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID CVE-2023-48085
Exploit Prediction Score 28.54%
Default Action drop
Active
Affected OS Linux, BSD
Affected App Other