PT-2025-8984 · Nagios · Nagios Xi

Publicado

2025-02-27

·

Atualizado

2025-03-03

·

CVE-2024-54957

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Nagios XI version 2024R1.2.2
Description The issue is an open redirect flaw located on the Tools page, which can be exploited by users with read-only permissions. This allows an attacker to craft a malicious link that redirects users to an arbitrary external URL without their consent.
Recommendations For Nagios XI version 2024R1.2.2, as a temporary workaround, consider restricting access to the Tools page until a patch is available.

Exploit

Correção

Open Redirect

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-601

Identificadores relacionados

CVE-2024-54957

Produtos afetados

Nagios Xi