Wednesday, 09 July 2025

Details disclosed on critical vulnerabilities in the Nagios software

Cybersecurity researchers at Skylight Cyber have published details of 13 vulnerabilities in Nagios, the open-source software for monitoring IT networks and computer systems. Exploiting these vulnerabilities allows an attacker to compromise the monitored IT networks.

The most serious issue (CVE-2020-28648) has a CVSS score of 8.8 and stems from improper input validation in the Auto-Discovery component of Nagios XI.

The attack scenario begins with compromising a Nagios XI server at the customer site, using CVE-2020-28648 and CVE-2020-28910 to gain remote access and escalate privileges to root. Once the XI server is compromised, the attacker can feed malicious data to the Nagios Fusion management server, which monitors the entire infrastructure by periodically polling the Nagios XI servers.

"The infected data returned from the XI server allows cross-site scripting (CVE-2020-28903) and JavaScript code execution in the context of the Fusion user," the experts noted.

The researchers reported their findings to Nagios in October 2020, and the company released fixes for the issues in November 2020.

Source: securitylab.ru

25 May 2021
