PT-2025-44534 · Nagios Enterprises · Nagios Xi
Published
2013-02-05
·
Updated
2025-11-06
·
CVE-2013-10072
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Nagios XI versions prior to 2012R1.6
Description
Nagios XI versions prior to 2012R1.6 contain an authorization flaw in the Auto-Discovery functionality. Users with read-only roles could access Auto-Discovery endpoints and pages that require elevated permissions. This exposure allows unintended access to discovery results and discovery operations. The vulnerable functionality involves reaching Auto-Discovery endpoints directly, bypassing necessary permission checks.
Recommendations
Update to version 2012R1.6 or later.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nagios Xi