Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-48082

Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate.

Published

2024-10-14T19:15:10.780

Last Modified

2025-07-10T17:06:27.267

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nagios	nagios_xi	< 2014	Yes
Application	nagios	nagios_xi	2014	Yes
Application	nagios	nagios_xi	2014	Yes
Application	nagios	nagios_xi	2014	Yes
Application	nagios	nagios_xi	2014	Yes
Application	nagios	nagios_xi	2014	Yes
Application	nagios	nagios_xi	2014	Yes
Application	nagios	nagios_xi	2014	Yes
Application	nagios	nagios_xi	2014	Yes
Application	nagios	nagios_xi	2014	Yes
Application	nagios	nagios_xi	2014	Yes
Application	nagios	nagios_xi	2014	Yes
Application	nagios	nagios_xi	2014	Yes
Application	nagios	nagios_xi	2014	Yes

References

https://www.nagios.com/change-log/ Release Notes ([email protected])