
Nagios IT monitoring vulnerabilities chained to compromise telco customers en masse


John Leyden

25 May 2021 at 09:57 UTC

Updated: 25 May 2021 at 09:59 UTC

Medium-impact flaws combined to create ‘upstream attack platform’

Nagios IT monitoring tool vulnerabilities pose telco customer pwnage risk

Security researchers have detailed how a series of medium severity vulnerabilities in IT monitoring technology Nagios could be chained together to attack organizations on a grand scale.

Researchers at Australian security consultancy Skylight found a total of 13 security flaws in Nagios, a widely used open source IT monitoring application comparable to SolarWinds.

The flaws in Nagios XI and Nagios Fusion servers were reported to the vendor, who addressed the vulnerabilities last October.

Examine your monitor

The Nagios vulnerabilities found by Skylight include a cross-site scripting (XSS) flaw, a series of privilege escalation flaws, an information disclosure bug, and an authenticated remote code execution issue.

Skylight acknowledges the requirement for an attacker to be authenticated in a technical write-up that describes the flaws as a “few lame(ish) vulnerabilities in Nagios”.


Nonetheless, dismissing the flaws as inconsequential would be a mistake because the researchers were able to chain together a series of these vulnerabilities to attack the monitoring infrastructure of a telco or other service provider (providing they are able to first break into the Nagios-related systems of one of its customers).

Chain gang

SolarWinds’ update mechanism was compromised to carry out a high-profile hack against US government agencies and others last year, so flaws in any similar technology, such as Nagios, merit increased scrutiny.

Skylight’s Adi Ashkenazy told The Daily Swig: “When chaining together 5 of the vulnerabilities, an attacker can [compromise] your entire monitoring infrastructure without any operator intervention.”

“In a telco setting, where a telco is monitoring hundreds of websites, if a customer’s website is totally compromised, an attacker can use the vulnerabilities to compromise the telco, and then every other monitored customer website,” Ashkenazy added.


Skylight has developed a post-exploitation tool called SoyGun that chains the vulnerabilities and automates the process of breaking into vulnerable Nagios systems.

The tool was released to the penetration testing community as an open source project.

The Daily Swig is yet to receive a response to a request for comment from Nagios and on follow-up questions to Skylight on these now-patched bugs. We’ll update this story as and when more information comes to hand.
