CVE-2023-48082

Nagios XI before 2024R1 was discovered to improperly handle API key generation (randomly generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate.
References
Configurations

No configuration.

History

25 Oct 2024, 17:15

Type: Summary
Values Removed: (en) Nagios XI before 5.11.3 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate.
Values Added: (en) Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate.

15 Oct 2024, 15:35

Type: CVSS
Values Removed: v2 : unknown, v3 : unknown
Values Added: v2 : unknown, v3 : 9.1

15 Oct 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) It was discovered that Nagios XI before 5.11.3 2024R1 improperly handled API key generation (randomly generated), which allowed attackers to possibly generate the same set of API keys for all users and use them to authenticate.

14 Oct 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-14 19:15

Updated : 2024-10-25 17:15


NVD link : CVE-2023-48082

Mitre link : CVE-2023-48082

CVE.ORG link : CVE-2023-48082


Products Affected

No product.

CWE

No CWE.