cve/2018/CVE-2018-15711.md

### [CVE-2018-15711](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15711)
![](https://img.shields.io/static/v1?label=Product&message=Nagios%20XI&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Privilege%20Escalation&color=brighgreen)

### Description

Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges.

### POC

#### Reference
- https://www.tenable.com/security/research/tra-2018-37
- https://www.tenable.com/security/research/tra-2018-37

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-15711](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15711)`
			`![](https://img.shields.io/static/v1?label=Product&message=Nagios%20XI&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Privilege%20Escalation&color=brighgreen)`

			`### Description`

			`Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges.`

			`### POC`

			`#### Reference`
			`- https://www.tenable.com/security/research/tra-2018-37`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- https://www.tenable.com/security/research/tra-2018-37`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00
			`#### Github`
			`No PoCs found on GitHub currently.`