CVE-2018-17148
First published: Wed Jun 19 2019(Updated: )
An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios | <5.5.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-17148?
CVE-2018-17148 is classified as a critical vulnerability due to its potential for credential disclosure.
How do I fix CVE-2018-17148?
To fix CVE-2018-17148, upgrade Nagios XI to version 5.5.4 or later.
What type of vulnerability is CVE-2018-17148?
CVE-2018-17148 is an Insufficient Access Control vulnerability.
What software is affected by CVE-2018-17148?
CVE-2018-17148 affects Nagios XI versions prior to 5.5.4.
What can attackers gain from exploiting CVE-2018-17148?
Exploitation of CVE-2018-17148 allows attackers to access configuration files containing sensitive credentials.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/nagios
- canonical/nagios