CVE-2023-48084
published 2023-12-14CVE-2023-48084: Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.
PriorityP185critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEVInitial access
Exploited in the wild
EPSS
33.74%
98.2th percentile
Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nagios | nagios_xi | < 5.11.3 | 5.11.3 |
Detection & IOCsextracted from sources · hover to see the quote
othernsp token extractor regex: name="nsp" value="(.*)">
sigma
nuclei template with matchers: contains(body_1, 'SQL') and contains(body_3, 'Home Dashboard') with nsp extractor
- →CVE-2023-48084 targets the Nagios XI bulk modification tool endpoint; SQL injection payloads sent via that tool should be monitored in HTTP request bodies to Nagios XI instances prior to version 5.11.3. ↗
- →Nuclei-based exploit/detection template fingerprints the target by checking for 'Home Dashboard' in the response body after authentication, then extracts the nsp (nonce/CSRF) token for use in the SQL injection request.
- →The nsp (nonce) parameter value is extracted from the authenticated session page using the regex pattern 'name="nsp" value="(.*)">' and is used as part of the exploit chain against the bulk modification tool.
- ·The nuclei template digest/signature is embedded in the template file and can be used to identify or block the specific exploit template in network or file-based detections.
- ·Exploitation requires prior authentication to Nagios XI (the template performs a login step and checks for 'Home Dashboard' before proceeding), so unauthenticated SQL injection is not indicated by the available sources.
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x3mv-x599-m8pw: Nagios XI before version 5
ghsa_unreviewed·2023-12-14
CVE-2023-48084 [CRITICAL] CWE-89 GHSA-x3mv-x599-m8pw: Nagios XI before version 5
Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.
VulnCheck
Nagios Nagios XI Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2023·CVSS 9.8
CVE-2023-48084 [CRITICAL] Nagios Nagios XI Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Nagios Nagios XI Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.
Affected: Nagios Nagios XI
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2023-48084
Exploit PoC: https://vulncheck.com/xdb/f5bc1c1f2988; https://vulncheck.com/xdb/a9de5bf43fa9
No detection rules found.
Nuclei
Nagios XI < 5.11.3 - SQL Injection
nuclei·CVSS 9.8
CVE-2023-48084 [CRITICAL] Nagios XI < 5.11.3 - SQL Injection
Nagios XI =5'
- 'contains(body_3, "Home Dashboard")'
condition: and
extractors:
- type: regex
name: nsp
part: body
group: 1
regex:
- 'name="nsp" value="(.*)">'
internal: true
# digest: 4b0a00483046022100f09317506c9dc6a0532287d977b0157d0a6d5df6d21fd70d9d27970b0e14b688022100efe0cef8edb6b8f295ff89f218f8d5d63bdc0dc73e370e25d43874ec38a97bd3:922c64590222798bb761d5b6d8e72950
2023-12-14
Published
Exploited in the wild