Headline
CVE-2022-29272: GitHub - sT0wn-nl/CVEs: The following is a list of my collected CVE's
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
The following is a list of my collected CVEs
Nagios XI
Nagios XI is an enterprise monitoring solution; see https://www.nagios.com/products/nagios-xi/ for more information. During a pentest I’ve found 4 0days:
- CVE-2022-29270 No password confirmation during e-mail change leads to account takeover
- CVE-2022-29272 Open redirect in login form
- CVE-2022-29269 HTML injection in scheduled report mails
- CVE-2022-29271 Permissions issue where read-only users could schedule downtimes using downtime.php
Glory Systems, RBW-100
The Glory RBW-100 banknote recycling system controls cash and removes the need for manual note handling. I’ve found two vulnerabilities in the Font Circle Controller management interface that can lead to a reverse root-shell:
- CVE-2019-10479 - Default hardcoded credentials
- CVE-2019-10478 - Arbitrary file upload
See a PoC combining these two vulnerabilities in action: https://youtu.be/MSKDfLpPOLw
Related news
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.