Researchers have discovered nearly a dozen vulnerabilities in widely used network management products from Nagios. The flaws could pose a serious risk to organizations as these types of products can be a tempting target for malicious actors.
The vulnerabilities were discovered by researchers at industrial cybersecurity firm Claroty as part of a research project focusing on the use of network management systems in IT, OT and IoT networks.
The security holes have been found to impact Nagios XI, XI Switch Wizard, XI Docker Wizard, and XI WatchGuard. The vendor released patches for each of the impacted products in August.
Nagios Core is an open source tool designed for monitoring IT infrastructure, and Nagios XI is a commercial version that expands the Core version’s capabilities. The vendor says its software is used by thousands of organizations worldwide, including some major brands such as Verizon and IBM.
An analysis of the product conducted by Claroty led to the discovery of 11 vulnerabilities that can be exploited for server-side request forgery (SSRF), spoofing, accessing information, local privilege escalation, and remote code execution.
Claroty has created a proof-of-concept (PoC) exploit showing how an authenticated attacker could chain some of the vulnerabilities to execute shell commands with root privileges.
While exploitation in many cases requires authentication, the cybersecurity firm noted that Nagios has an auto-login feature that can be used by administrators to set up read-only accounts that any user can connect to without credentials.
“While this feature might be useful for NOC [network operations center] purposes, allowing users to easily connect to the platform and view information without the need for credentials also allows attackers to gain access to a user account in the platform, thus rendering any post-auth vulnerability exploitable without authentication,” Claroty warned.
The company pointed to the incidents impacting SolarWinds and Kaseya to highlight the risks posed by the use of third-party IT management products.
Related: Vulnerability Found in Industrial Remote Access Product From Claroty
Related: Industrial Firms Warned of Risk Posed by Cloud-Based ICS Management Systems
Related: Several Vulnerabilities Patched in ‘MDT AutoSave’ Industrial Automation Product
Related: Vulnerability Allows Remote DoS Attacks Against Apps Using Linphone SIP Stack
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
- New York Man Arrested for Running BreachForums Cybercrime Website
- Exploitation of Recent Fortinet Zero-Day Linked to Chinese Cyberspies
- Mozilla Patches High-Severity Vulnerabilities With Release of Firefox 111
- Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up
Latest News
- Verosint Launches Account Fraud Detection and Prevention Platform
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
- Oleria Scores $8M Seed Funding for ID Authentication Technology
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- News Analysis: UK Commits $3 Billion to Support National Quantum Strategy
- Malicious NuGet Packages Used to Target .NET Developers
- Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
