Claroty finds 11 vulnerabilities in Nagios


By Dylan Bushell-Embling
Friday, 01 October, 2021

Industrial IoT security company Claroty has discovered 11 vulnerabilities affecting popular network management system Nagios that could leave users vulnerable to credential theft, phishing attacks and escalation of user permissions.

Nagios — an open-source tool for monitoring IT infrastructure for performance issues — is used by thousands of organisations worldwide.

Researchers from Claroty’s Team82 discovered vulnerabilities that can lead to remote code execution with the same privileges as an Apache user.

By chaining some of the vulnerabilities, the researchers were able to gain remote access to all network management systems with root privileges.

In a threat advisory, Team82 said it had commenced the research in light of the high-profile recent SolarWinds and Kaseya supply chain attacks.

Claroty is recommending all users of Nagios Core and Nagios Core Xi update their affected systems as a matter of urgency.

Network administrators should also monitor access to the network management system to limit access to privileged insiders.

Network management systems have oversight of core servers, devices and other critical components in the enterprise network. Because the systems are used to monitor servers, they also often contain many network secrets such as credentials or API tokens that would be attractive to attackers.
