The vulnerability of the update_banner_message() function in the Nagios XI monitoring tool allows a hacker to gain unauthorized access to protected information and execute arbitrary code.

🗓️ 27 Sep 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 5 Views

Nagios XI update_banner_message flaw lets attackers access data and execute code via unsafe ID.

Reporter	Title	Published	Views	Family All 16
GithubExploit	Exploit for SQL Injection in Nagios Nagios_Xi	27 Apr 202401:44	–	githubexploit
ATTACKERKB	CVE-2023-40933	19 Sep 202323:15	–	attackerkb
Circl	CVE-2023-40933	21 Sep 202314:50	–	circl
CNNVD	Nagios XI SQL Injection Vulnerability	19 Sep 202300:00	–	cnnvd
CVE	CVE-2023-40933	19 Sep 202300:00	–	cve
Cvelist	CVE-2023-40933	19 Sep 202300:00	–	cvelist
hivepro	Critical Security Vulnerabilities Uncovered in Nagios XI	25 Sep 202305:14	–	hivepro
Tenable Nessus	Nagios XI < 5.11.2 Multiple Vulnerabilities	21 Sep 202300:00	–	nessus
NCSC	Vulnerabilities fixed in Nagios XI	12 Sep 202300:00	–	ncsc
NVD	CVE-2023-40933	19 Sep 202323:15	–	nvd

Vulners

Node

nagios_enterprises_llc nagios_xiRange<5.11.2

Source	Link
nagios	www.nagios.com/
outpost24	www.outpost24.com/blog/nagios-xi-vulnerabilities/
nagios	www.nagios.com/products/security/
vuldb	www.vuldb.com/
web	www.web.nvd.nist.gov/view/vuln/detail

27 Sep 2023 00:00Current

8.3High risk

Vulners AI Score8.3

CVSS 38.8

CVSS 29

EPSS0.05335

Nagios update banner message unsafe id handling