Nagios Fusion Two-Factor Authentication Session Management Vulnerability

Vulnerability

A vulnerability exists in Nagios Fusion versions prior to R2.1: the application does not force re-authentication or rotate the session when a user enables two-factor authentication (2FA). Because sessions established before enrolment remain valid, an attacker who already holds a valid session for the account keeps that access after the user turns on 2FA, and the user has no way to disconnect the attacker, which can lead to persistent account takeover.
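The following is an added illustration, not code from Nagios Fusion: a constructed in-memory session store showing the flawed pattern (enabling 2FA only flips a flag, so every pre-existing session for the account keeps working) beside the hardened pattern (enabling 2FA revokes all other sessions for the user and rotates the current session identifier). The SessionStore class and its method names are assumptions made for this example.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Session:
    session_id: str
    user: str


class SessionStore:
    """Constructed stand-in for a web application's server-side session table."""

    def __init__(self) -> None:
        self.sessions: dict[str, Session] = {}
        self.mfa_enabled: set[str] = set()

    def login(self, user: str) -> str:
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = Session(sid, user)
        return sid

    def is_authorized(self, sid: str) -> bool:
        # Any session still present in the table is accepted.
        return sid in self.sessions

    def enable_2fa_weak(self, sid: str) -> str:
        # Flawed: only the account flag changes. Sessions created before
        # enrolment (including an attacker's) are never re-validated.
        self.mfa_enabled.add(self.sessions[sid].user)
        return sid

    def enable_2fa_hardened(self, sid: str) -> str:
        # Hardened: treat 2FA enrolment as a security-sensitive change.
        # 1) drop every other session bound to this user,
        # 2) rotate the enrolling session's identifier so the old value is dead.
        current = self.sessions.pop(sid)
        for other_sid in [s for s, sess in self.sessions.items() if sess.user == current.user]:
            del self.sessions[other_sid]
        self.mfa_enabled.add(current.user)
        new_sid = secrets.token_urlsafe(32)
        self.sessions[new_sid] = Session(new_sid, current.user)
        return new_sid
```

In a real deployment the same two steps apply to the persistent session backend (database or cache), and password changes and 2FA disablement deserve the identical treatment.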

Impact

Exploitation of this vulnerability could result in unauthorized continued access to a user's account after 2FA is enabled, allowing for persistent account takeover.

Remediation

Users are advised to upgrade to Nagios Fusion version R2.1 or higher.

Added: Oct 30, 2025, 10:32 PM
Updated: Oct 30, 2025, 10:32 PM

Vulnerability Rating

Custom Algorithm

  spread          3.1
  impact          1.3
  exploitability  5.2
  remediation     7.7
  relevance       0.8
  threat          0.0
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.