Claroty finds 11 vulnerabilities in Nagios

By Dylan Bushell-Embling
Friday, 01 October, 2021

Claroty finds 11 vulnerabilities in Nagios

Industrial IoT security company Claroty has discovered 11 vulnerabilities affecting popular network management system Nagios that could leave users vulnerable to credential theft, phishing attacks and escalation of user permissions.

Nagios — an open-source tool for monitoring IT infrastructure for performance issues — is used by thousands of organisations worldwide.

Researchers from Claroty’s Team82 discovered vulnerabilities that can lead to remote code execution with the same privileges as an Apache user.

By chaining some of the vulnerabilities, the users were able to exploit the vulnerabilities to gain remote access to all network management systems through root privileges.

In a threat advisory, Team82 said it had commenced the research in light of the high-profile recent SolarWinds and Kaseya supply chain attacks.

Claroty is recommending all users of Nagios Core and Nagios Core Xi update their affected systems as a matter of urgency.

Network administrators should also monitor access to the network management system to limit access to privileged insiders.

Network management systems have oversight of core servers, devices and other critical components in the enterprise network. Because the systems are used to monitor servers, they also often contain many network secrets such as credentials or API tokens that would be attractive to attackers.

Image credit: ©

Related News

Lack of leadership buy-in biggest obstacle to digital trust: report

A new report from ISACA says that many organisations say that in five years digital trust will be...

Lack of customer confidence affecting security strategies: report

A survey from LogRhythm finds three-quarters of ANZ companies changed their security strategy...

IMT sector was Australia's most targeted in 2023: report

The information, media and technology sector has been the Australian industry most targeted...

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd