Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nagios XI < 2024R1.0.1 Privilege Escalation via System Profile
Vulnerability Description
Nagios XI versions prior to 2024R1.0.1 contain a privilege escalation vulnerability in the System Profile component. The System Profile feature is an administrative diagnostic/configuration capability. Due to improper access controls and unsafe handling of exported/imported profile data and operations, an authenticated administrator could exploit this vulnerability to execute actions on the underlying XI host outside the application's security scope. Successful exploitation may allow an administrator to obtain root privileges on the XI server.
CVSS Information
N/A
Vulnerability Type
特权管理不恰当
Vulnerability Title
Nagios XI 安全漏洞
Vulnerability Description
Nagios XI是美国Nagios公司的一套IT基础设施监控解决方案。该方案支持对应用、服务、操作系统等进行监控和预警。 Nagios XI 2024R1.0.1之前版本存在安全漏洞,该漏洞源于System Profile组件访问控制不当和不安全处理导出或导入的配置文件数据,可能导致权限提升。
CVSS Information
N/A
Vulnerability Type
N/A