Security Experts:

Connect with us

Hi, what are you looking for?



Flaws in Nagios Network Management Product Can Pose Risk to Many Companies

Researchers have discovered nearly a dozen vulnerabilities in widely used network management products from Nagios. The flaws could pose a serious risk to organizations as these types of products can be a tempting target for malicious actors.

Researchers have discovered nearly a dozen vulnerabilities in widely used network management products from Nagios. The flaws could pose a serious risk to organizations as these types of products can be a tempting target for malicious actors.

The vulnerabilities were discovered by researchers at industrial cybersecurity firm Claroty as part of a research project focusing on the use of network management systems in IT, OT and IoT networks.

The security holes have been found to impact Nagios XI, XI Switch Wizard, XI Docker Wizard, and XI WatchGuard. The vendor released patches for each of the impacted products in August.

Nagios Core is an open source tool designed for monitoring IT infrastructure, and Nagios XI is a commercial version that expands the Core version’s capabilities. The vendor says its software is used by thousands of organizations worldwide, including some major brands such as Verizon and IBM.

An analysis of the product conducted by Claroty led to the discovery of 11 vulnerabilities that can be exploited for server-side request forgery (SSRF), spoofing, accessing information, local privilege escalation, and remote code execution.

Claroty has created a proof-of-concept (PoC) exploit showing how an authenticated attacker could chain some of the vulnerabilities to execute shell commands with root privileges.

While exploitation in many cases requires authentication, the cybersecurity firm noted that Nagios has an auto-login feature that can be used by administrators to set up read-only accounts that any user can connect to without credentials.

“While this feature might be useful for NOC [network operations center] purposes, allowing users to easily connect to the platform and view information without the need for credentials also allows attackers to gain access to a user account in the platform, thus rendering any post-auth vulnerability exploitable without authentication,” Claroty warned.

The company pointed to the incidents impacting SolarWinds and Kaseya to highlight the risks posed by the use of third-party IT management products.

Related: Vulnerability Found in Industrial Remote Access Product From Claroty

Related: Industrial Firms Warned of Risk Posed by Cloud-Based ICS Management Systems

Related: Several Vulnerabilities Patched in ‘MDT AutoSave’ Industrial Automation Product

Related: Vulnerability Allows Remote DoS Attacks Against Apps Using Linphone SIP Stack

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...