Nagios XI < 2024R1 API Key Security

🗓️ 17 Oct 2024 00:00:00Reported by TenableType

Nagios XI 2024R1 API Key Security Fil

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2023-48082	14 Oct 202421:42	–	circl
CNNVD	Nagios XI 安全漏洞	14 Oct 202400:00	–	cnnvd
CVE	CVE-2023-48082	14 Oct 202400:00	–	cve
Cvelist	CVE-2023-48082	14 Oct 202400:00	–	cvelist
NVD	CVE-2023-48082	14 Oct 202419:15	–	nvd
OSV	CVE-2023-48082	14 Oct 202419:15	–	osv
Positive Technologies	PT-2024-13539 · Nagios Xi · Nagios Xi	14 Oct 202400:00	–	ptsecurity
Vulnrichment	CVE-2023-48082	14 Oct 202400:00	–	vulnrichment

Source	Link
nagios	www.nagios.com/downloads/nagios-xi/change-log/
nagios	www.nagios.com/products/security/
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(209235);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/02/28");

  script_cve_id("CVE-2023-48082");
  script_xref(name:"IAVB", value:"2024-B-0155-S");

  script_name(english:"Nagios XI < 2024R1 API Key Security");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has a web application affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to the self-reported version of Nagios XI, the remote host is affected by a vulnerability related to the
generation of API keys. Nagios XI before 5.11.3 2024R1 was discovered to improperly handle API keys generation
(randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to
authenticate.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.nagios.com/downloads/nagios-xi/change-log/");
  script_set_attribute(attribute:"see_also", value:"https://www.nagios.com/products/security/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Nagios XI 2024R1 or later.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-48082");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/10/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/12/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/10/17");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:nagios:nagios_xi");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2024-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("nagios_enterprise_detect.nasl", "nagiosxi_nix_installed.nbin");
  script_require_ports("installed_sw/nagios_xi", "installed_sw/Nagios XI");

  exit(0);
}

include('vcf_extras.inc');

var app_info = vcf::nagiosxi::get_app_info();

var constraints = [
    {'fixed_version': '2024R1'}
];

vcf::nagiosxi::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, default_fix:'2024R1');

28 Feb 2025 00:00Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.19.1

EPSS0.01145

SSVC