CVE-2022-29272
MEDIUM NUCLEINagios XI <= 5.8.5 - Open Redirect via Login Function
Title source: llmExploitation Summary
CVE-2022-29272 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
Nuclei Templates (1)
Nagios XI <5.8.5 - Open Redirect
MEDIUMby ritikchaddha
Shodan:
http.title:"nagios xi"
FOFA:
title="nagios xi" || app="nagios-xi"
References (4)
Core 4
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.nagios.com/downloads/nagios-xi/change-log/
Release Notes, Vendor Advisory x_refsource_misc
https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
Third Party Advisory x_refsource_misc
https://github.com/4LPH4-NL/CVEs
Third Party Advisory x_refsource_misc
https://github.com/sT0wn-nl/CVEs/blob/master/README.md#nagios-xi
Scores
CVSS v3
6.1
EPSS
0.0335
EPSS Percentile
87.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (1)
nagios/nagios_xi
< 5.8.5
Published
Jun 29, 2022
Tracked Since
Feb 18, 2026