A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enabling unauthorized modifications that compromise system integrity and availability.
References
Link | Resource |
---|---|
https://github.com/harshal79/Privilege-Escalation-in-Nagios-Network-Analyzer.git | Third Party Advisory |
https://www.nagios.com/changelog/#network-analyzer | Release Notes |
Configurations
History
20 Jun 2025, 15:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:nagios:nagios_network_analyzer:2024:r1.0.3:*:*:*:*:*:* | |
Summary |
|
|
References | () https://github.com/harshal79/Privilege-Escalation-in-Nagios-Network-Analyzer.git - Third Party Advisory | |
References | () https://www.nagios.com/changelog/#network-analyzer - Release Notes | |
First Time |
Nagios nagios Network Analyzer
Nagios |
01 Apr 2025, 20:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.6 |
CWE | CWE-285 |
01 Apr 2025, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-04-01 17:15
Updated : 2025-06-20 15:29
NVD link : CVE-2025-28131
Mitre link : CVE-2025-28131
CVE.ORG link : CVE-2025-28131
JSON object : View
Products Affected
nagios
- nagios_network_analyzer
CWE
CWE-285
Improper Authorization