Details of VAR-201805-0700

ID

VAR-201805-0700

CVE

CVE-2018-10738

TITLE

Nagios XI In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-005058

DESCRIPTION

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter. Nagios XI Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Nagios is an open source free network monitoring tool that can effectively monitor the status of Windows, Linux and Unix hosts, network devices such as switches, routers, printers, etc. Remote attackers can use this vulnerability to execute arbitrary SQL commands

Trust: 2.16

sources: NVD: CVE-2018-10738 // JVNDB: JVNDB-2018-005058 // CNVD: CNVD-2018-09747

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-09747

AFFECTED PRODUCTS

vendor:	nagios	model:	xi	scope:	gte	version:	5.4.0	Trust: 1.0
vendor:	nagios	model:	xi	scope:	lt	version:	5.4.13	Trust: 1.0
vendor:	nagios	model:	xi	scope:	gte	version:	5.2.0	Trust: 1.0
vendor:	nagios	model:	xi	scope:	lte	version:	5.2.9	Trust: 1.0
vendor:	nagios enterprises	model:	xi	scope:	lt	version:	5.4.13	Trust: 0.8
vendor:	nagios	model:	xi	scope:	eq	version:	5.2.*	Trust: 0.6
vendor:	nagios	model:	xi	scope:	eq	version:	5.4.*,<5.4.13	Trust: 0.6
vendor:	nagios	model:	xi	scope:	eq	version:	5.4.10	Trust: 0.6
vendor:	nagios	model:	xi	scope:	eq	version:	5.4.5	Trust: 0.6
vendor:	nagios	model:	xi	scope:	eq	version:	5.4.8	Trust: 0.6
vendor:	nagios	model:	xi	scope:	eq	version:	5.4.11	Trust: 0.6
vendor:	nagios	model:	xi	scope:	eq	version:	5.4.3	Trust: 0.6
vendor:	nagios	model:	xi	scope:	eq	version:	5.4.4	Trust: 0.6
vendor:	nagios	model:	xi	scope:	eq	version:	5.4.6	Trust: 0.6
vendor:	nagios	model:	xi	scope:	eq	version:	5.4.9	Trust: 0.6
vendor:	nagios	model:	xi	scope:	eq	version:	5.4.12	Trust: 0.6
vendor:	nagios	model:	xi	scope:	eq	version:	5.4.7	Trust: 0.6

sources: CNVD: CNVD-2018-09747 // JVNDB: JVNDB-2018-005058 // CNNVD: CNNVD-201805-491 // NVD: CVE-2018-10738

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-10738
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-10738
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-09747
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201805-491
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2018-10738
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-09747
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-10738
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-09747 // JVNDB: JVNDB-2018-005058 // CNNVD: CNNVD-201805-491 // NVD: CVE-2018-10738

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.8

sources: JVNDB: JVNDB-2018-005058 // NVD: CVE-2018-10738

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-491

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201805-491

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005058

PATCH

title:	Nagios XI	url:	https://www.nagios.com/products/nagios-xi/	Trust: 0.8
title:	Nagios XI SQL Repair measures for injecting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83426	Trust: 0.6

sources: JVNDB: JVNDB-2018-005058 // CNNVD: CNNVD-201805-491

EXTERNAL IDS

db:	NVD	id:	CVE-2018-10738	Trust: 3.0
db:	SEEBUG	id:	SSVID-97268	Trust: 2.4
db:	JVNDB	id:	JVNDB-2018-005058	Trust: 0.8
db:	CNVD	id:	CNVD-2018-09747	Trust: 0.6
db:	NSFOCUS	id:	39814	Trust: 0.6
db:	CNNVD	id:	CNNVD-201805-491	Trust: 0.6

sources: CNVD: CNVD-2018-09747 // JVNDB: JVNDB-2018-005058 // CNNVD: CNNVD-201805-491 // NVD: CVE-2018-10738

REFERENCES

url:	https://www.seebug.org/vuldb/ssvid-97268	Trust: 2.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10738	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10738	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/39814	Trust: 0.6

sources: JVNDB: JVNDB-2018-005058 // CNNVD: CNNVD-201805-491 // NVD: CVE-2018-10738

SOURCES

db:	CNVD	id:	CNVD-2018-09747
db:	JVNDB	id:	JVNDB-2018-005058
db:	CNNVD	id:	CNNVD-201805-491
db:	NVD	id:	CVE-2018-10738

LAST UPDATE DATE

2024-11-23T22:58:59.381000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-09747	date:	2018-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-005058	date:	2018-07-05T00:00:00
db:	CNNVD	id:	CNNVD-201805-491	date:	2018-05-17T00:00:00
db:	NVD	id:	CVE-2018-10738	date:	2024-11-21T03:41:57.640

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-09747	date:	2018-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-005058	date:	2018-07-05T00:00:00
db:	CNNVD	id:	CNNVD-201805-491	date:	2018-05-17T00:00:00
db:	NVD	id:	CVE-2018-10738	date:	2018-05-16T13:29:00.420