Nagios Log Server
cpe:2.3:a:nagios:log_server:*:*:*:*:*:*:*
- < 2024R2.0.2
A vulnerability exists in Nagios Log Server versions prior to 2024R2.0.2 within the cluster manager component. This issue involves the transmission of sensitive credentials from peer nodes over an unencrypted channel, despite SSL/TLS being enabled in the product configuration. Consequently, an attacker on the network path could intercept these credentials in transit. The captured credentials might allow authentication as a cluster node or service account, leading to unauthorized access, lateral movement, or system compromise.
Exploitation of this vulnerability allows for the interception of sensitive credentials in transit, which could be used to authenticate as a cluster node or service account, facilitating unauthorized access and potential system compromise.
Users are advised to upgrade to Nagios Log Server version 2024R2.0.3 or later.