CVE-2022-29271
First published: Wed Jun 29 2022(Updated: )
In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios Nagios XI | <=5.8.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-29271?
CVE-2022-29271 is a vulnerability in Nagios XI through 5.8.5 that allows a read-only Nagios user to schedule downtime for any host/services, potentially disabling all monitoring checks.
How severe is CVE-2022-29271?
CVE-2022-29271 has a severity value of 6.5, indicating a medium-level vulnerability.
Which software versions are affected by CVE-2022-29271?
Nagios XI versions up to and including 5.8.5 are affected by CVE-2022-29271.
How can an attacker exploit CVE-2022-29271?
An attacker with read-only Nagios user privileges can exploit CVE-2022-29271 to schedule downtime for any host/services, potentially disabling all monitoring checks.
Are there any references for CVE-2022-29271?
Yes, you can find references for CVE-2022-29271 in the following links: [Reference 1](https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT), [Reference 2](https://github.com/4LPH4-NL/CVEs), [Reference 3](https://github.com/sT0wn-nl/CVEs/blob/master/README.md#nagios-xi).
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/nagios
- canonical/nagios nagios xi
- version/nagios nagios xi/5.8.5