Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Flaws in Nagios Network Management Product Can Pose Risk to Many Companies

Researchers have discovered nearly a dozen vulnerabilities in widely used network management products from Nagios. The flaws could pose a serious risk to organizations as these types of products can be a tempting target for malicious actors.

Researchers have discovered nearly a dozen vulnerabilities in widely used network management products from Nagios. The flaws could pose a serious risk to organizations as these types of products can be a tempting target for malicious actors.

The vulnerabilities were discovered by researchers at industrial cybersecurity firm Claroty as part of a research project focusing on the use of network management systems in IT, OT and IoT networks.

The security holes have been found to impact Nagios XI, XI Switch Wizard, XI Docker Wizard, and XI WatchGuard. The vendor released patches for each of the impacted products in August.

Nagios Core is an open source tool designed for monitoring IT infrastructure, and Nagios XI is a commercial version that expands the Core version’s capabilities. The vendor says its software is used by thousands of organizations worldwide, including some major brands such as Verizon and IBM.

An analysis of the product conducted by Claroty led to the discovery of 11 vulnerabilities that can be exploited for server-side request forgery (SSRF), spoofing, accessing information, local privilege escalation, and remote code execution.

Claroty has created a proof-of-concept (PoC) exploit showing how an authenticated attacker could chain some of the vulnerabilities to execute shell commands with root privileges.

While exploitation in many cases requires authentication, the cybersecurity firm noted that Nagios has an auto-login feature that can be used by administrators to set up read-only accounts that any user can connect to without credentials.

“While this feature might be useful for NOC [network operations center] purposes, allowing users to easily connect to the platform and view information without the need for credentials also allows attackers to gain access to a user account in the platform, thus rendering any post-auth vulnerability exploitable without authentication,” Claroty warned.

The company pointed to the incidents impacting SolarWinds and Kaseya to highlight the risks posed by the use of third-party IT management products.

Related: Vulnerability Found in Industrial Remote Access Product From Claroty

Related: Industrial Firms Warned of Risk Posed by Cloud-Based ICS Management Systems

Related: Several Vulnerabilities Patched in ‘MDT AutoSave’ Industrial Automation Product

Related: Vulnerability Allows Remote DoS Attacks Against Apps Using Linphone SIP Stack

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.