Nagios.XI.CCM.admin_views.inc.php.Arbitrary.File.Overwrite
Description
This indicates an attack attempt to exploit a Arbitrary File Overwrite Vulnerability in Nagios Enterprises Nagios XI.
The vulnerability is due to insufficient validation of the request parameter in admin_views.inc.php in the Static Config Editor tool. A remote authenticated attacker can exploit this vulnerability by sending a crafted request to the server. Successful exploitation could result in arbitrary file overwrite and code execution on the target server.
Affected Products
Nagios Enterprises Nagios XI prior to 5.7.2
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.nagios.com/downloads/nagios-xi/change-log/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |