Lynerc

**Name of the Vulnerable Software and Affected Versions** Nagios XI version 5.5.6 **Description** The issue allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request. **Recommendations** For Nagios XI version 5.5.6, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nagios XI version 5.5.6 **Description** The issue allows local authenticated attackers to escalate privileges to root. This is achieved via the Autodiscover new.php file. **Recommendations** For Nagios XI version 5.5.6, update to a version that contains a fix for this issue to prevent privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech WebAccess versions 8.3.1 through 8.3.2 **Description** The issue allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the `writeFile` API endpoint. This can be used to remotely execute arbitrary code. **Recommendations** For Advantech WebAccess versions 8.3.1 and 8.3.2, consider restricting access to the `writeFile` API endpoint until a patch is available. As a temporary workaround, limit the ability to write or overwrite files on the filesystem to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Advantech WebAccess versions 8.3.2 and earlier Description: A Path Traversal issue was discovered, allowing an attacker to access files within the directory structure of the target device. Recommendations: For Advantech WebAccess versions 8.3.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.