CVE-2018-15711

HIGH

Nagios XI 5.5.6 - Authenticated Privilege Escalation via API Key Reset

Title source: llm

Description

Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges.

References (1)

Core References
Tags: Exploit, Third Party Advisory, x_refsource_misc
https://www.tenable.com/security/research/tra-2018-37

Scores

CVSS v3: 8.8
EPSS: 0.2757
EPSS Percentile: 96.5%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-78
Status: published
Products (1): nagios/nagios_xi 5.5.6
Published: Nov 14, 2018
Tracked Since: Feb 18, 2026