CVE-2022-3979 NagVis CoreLogonMultisite.php checkAuthCookie type conversion

🗓️ 13 Nov 2022 00:00:00Reported by VulDBType

A vulnerability found in NagVis up to version 1.9.33 allows remote attackers to initiate a rather complex attack via incorrect type conversion in CoreLogonMultisite.php checkAuthCookie

Reporter	Title	Published	Views	Family All 24
CNNVD	NagVis 代码问题漏洞	13 Nov 202200:00	–	cnnvd
CVE	CVE-2022-3979	13 Nov 202200:00	–	cve
Debian	[SECURITY] [DLA 4149-1] nagvis security update	1 May 202502:47	–	debian
Debian CVE	CVE-2022-3979	13 Nov 202200:00	–	debiancve
Tenable Nessus	Debian dla-4149 : nagvis - security update	1 May 202500:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2022-3979	5 Mar 202500:00	–	nessus
EUVD	EUVD-2022-43308	3 Oct 202520:07	–	euvd
Hewlett-Packard	HP ThinPro 8.0 SP 7 Security Updates	26 Jan 202400:00	–	hp
NVD	CVE-2022-3979	13 Nov 202223:15	–	nvd
OpenVAS	Debian: Security Advisory (DLA-4149-1)	1 May 202500:00	–	openvas

[
  {
    "vendor": "n/a",
    "product": "NagVis",
    "versions": [
      {
        "version": "1.9.0",
        "status": "affected"
      },
      {
        "version": "1.9.1",
        "status": "affected"
      },
      {
        "version": "1.9.2",
        "status": "affected"
      },
      {
        "version": "1.9.3",
        "status": "affected"
      },
      {
        "version": "1.9.4",
        "status": "affected"
      },
      {
        "version": "1.9.5",
        "status": "affected"
      },
      {
        "version": "1.9.6",
        "status": "affected"
      },
      {
        "version": "1.9.7",
        "status": "affected"
      },
      {
        "version": "1.9.8",
        "status": "affected"
      },
      {
        "version": "1.9.9",
        "status": "affected"
      },
      {
        "version": "1.9.10",
        "status": "affected"
      },
      {
        "version": "1.9.11",
        "status": "affected"
      },
      {
        "version": "1.9.12",
        "status": "affected"
      },
      {
        "version": "1.9.13",
        "status": "affected"
      },
      {
        "version": "1.9.14",
        "status": "affected"
      },
      {
        "version": "1.9.15",
        "status": "affected"
      },
      {
        "version": "1.9.16",
        "status": "affected"
      },
      {
        "version": "1.9.17",
        "status": "affected"
      },
      {
        "version": "1.9.18",
        "status": "affected"
      },
      {
        "version": "1.9.19",
        "status": "affected"
      },
      {
        "version": "1.9.20",
        "status": "affected"
      },
      {
        "version": "1.9.21",
        "status": "affected"
      },
      {
        "version": "1.9.22",
        "status": "affected"
      },
      {
        "version": "1.9.23",
        "status": "affected"
      },
      {
        "version": "1.9.24",
        "status": "affected"
      },
      {
        "version": "1.9.25",
        "status": "affected"
      },
      {
        "version": "1.9.26",
        "status": "affected"
      },
      {
        "version": "1.9.27",
        "status": "affected"
      },
      {
        "version": "1.9.28",
        "status": "affected"
      },
      {
        "version": "1.9.29",
        "status": "affected"
      },
      {
        "version": "1.9.30",
        "status": "affected"
      },
      {
        "version": "1.9.31",
        "status": "affected"
      },
      {
        "version": "1.9.32",
        "status": "affected"
      },
      {
        "version": "1.9.33",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/NagVis/nagvis/commit/7574fd8a2903282c2e0d1feef5c4876763db21d5
sonarsource	www.sonarsource.com/blog/checkmk-rce-chain-2/
github	www.github.com/NagVis/nagvis/releases/tag/nagvis-1.9.34
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

24 Oct 2023 08:13Current

8.4High risk

Vulners AI Score8.4

CVSS 25.1

CVSS 3.15.6

CVSS 35.6

EPSS0.00584

CWE-704