Executive Summary

This vulnerability is a Directory Traversal issue in NagiosXI 2026R1.0.1 build 1762361101, specifically in the /admin/coreconfigsnapshots.php component. It allows an attacker to access files and directories outside the intended directory, potentially exposing sensitive information.

Useful 0 Not Useful 0

Impact Analysis

The Directory Traversal vulnerability can allow attackers to read arbitrary files on the server, which may lead to exposure of sensitive data, configuration files, or credentials, potentially compromising the security of the affected system.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring for suspicious HTTP GET requests targeting the vulnerable endpoint `/nagiosxi/admin/coreconfigsnapshots.php` with the `currentdiff` parameter containing directory traversal patterns such as `../../../../../../../../etc/hosts`. For example, you can use network traffic inspection tools like tcpdump or Wireshark to filter HTTP requests to this path. Additionally, you can use curl or wget commands to test the vulnerability manually, e.g., `curl -i "http://<nagiosxi-server>/nagiosxi/admin/coreconfigsnapshots.php?currentdiff=../../../../../../../../etc/hosts&archive=0"` to see if sensitive files are exposed. [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable endpoint `/admin/coreconfigsnapshots.php` by implementing proper access controls, such as IP whitelisting or authentication enforcement. Additionally, monitor and block suspicious requests containing directory traversal patterns in the `currentdiff` parameter. Applying any available patches or updates from Nagios XI for version 2026R1.0.1 is recommended once released. As a temporary measure, consider disabling or restricting the affected functionality if possible. [1]

Useful 0 Not Useful 0