nvd-json-data-feeds/CVE-2018/CVE-2018-171xx/CVE-2018-17148.json

{
  "id": "CVE-2018-17148",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2019-06-19T18:15:11.040",
  "lastModified": "2019-06-21T21:11:21.640",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Control de acceso insuficiente (que lleva a la divulgaci\u00f3n de credenciales) en coreconfigsnapshot.php (tambi\u00e9n conocida como p\u00e1gina de instant\u00e1neas de configuraci\u00f3n) en Nagios XI antes de 5.5.4 permite a los atacantes remotos acceder a los archivos de configuraci\u00f3n que contienen credenciales confidenciales."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "5.5.4",
              "matchCriteriaId": "F391CD96-609F-4452-8712-368EB87754F6"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT",
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ]
    }
  ]
}