Nagios Fusion Session Hijacking Vulnerability Due to Inadequate Two-Factor Authentication Management

Vulnerability

A session hijacking vulnerability exists in Nagios Fusion versions 2024R1.2 and 2024R2. When two-factor authentication (2FA) is enabled for an account, the application does not invalidate that account's existing session tokens. Sessions established before 2FA was turned on therefore remain valid, so an attacker who holds such an active session keeps access without ever completing the 2FA step, potentially leading to unauthorized actions.

Impact

Exploiting this vulnerability allows session hijacking: an attacker who holds an active session can perform actions without 2FA verification, effectively bypassing the added security control.
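The flaw described above is a session-lifecycle problem: enabling a second factor changes the account's security posture, but tokens issued under the old posture are left untouched. The following is an added illustration, not Nagios Fusion's own code, of the weak pattern beside a hardened one. The hardened variant uses a per-user "auth generation" counter (a hypothetical name for the technique, sometimes called a security stamp) that is bumped whenever 2FA is enabled; every session records the counter value at issuance, and any session whose value no longer matches is treated as revoked. All class and function names are assumed for the example.

```python
"""Session invalidation on 2FA enrollment: weak vs hardened.

Added example for illustration only; not Nagios Fusion code.
"""
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    two_factor_enabled: bool = False
    # Bumped on every security-relevant change (2FA enabled, password changed).
    # Sessions record the value current at issuance (hypothetical technique name).
    auth_generation: int = 0


@dataclass
class Session:
    token: str
    user: str
    auth_generation: int      # User.auth_generation when this session was issued
    mfa_verified: bool        # True only if the second factor was completed
    issued_at: float = field(default_factory=time.time)


class SessionStore:
    def __init__(self):
        self.users = {}      # name  -> User
        self.sessions = {}   # token -> Session

    def add_user(self, name):
        self.users[name] = User(name)

    def login(self, name, mfa_verified=False):
        """Issue a fresh random session token for an authenticated user."""
        user = self.users[name]
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(token, name, user.auth_generation, mfa_verified)
        return token

    # --- weak pattern: flip the flag, leave every existing token alone ----------
    def enable_2fa_weak(self, name):
        self.users[name].two_factor_enabled = True

    def is_authorized_weak(self, token):
        # Only checks that the token exists; a pre-enrollment session still passes.
        return token in self.sessions

    # --- hardened pattern: revoke old sessions, re-issue one for the enroller ---
    def enable_2fa_hardened(self, name):
        user = self.users[name]
        user.two_factor_enabled = True
        user.auth_generation += 1   # every session issued before this is now stale
        # Drop the server-side records too so nothing lingers in the store.
        for tok in [t for t, s in self.sessions.items() if s.user == name]:
            del self.sessions[tok]
        # Enrollment itself proved possession of the second factor, so the
        # enrolling client gets a new session marked mfa_verified.
        return self.login(name, mfa_verified=True)

    def is_authorized(self, token):
        s = self.sessions.get(token)
        if s is None:
            return False
        user = self.users[s.user]
        if s.auth_generation != user.auth_generation:
            return False   # issued before a security change: treat as revoked
        if user.two_factor_enabled and not s.mfa_verified:
            return False   # 2FA is required but this session never completed it
        return True


def demo():
    """Returns (weak_stale_ok, hardened_stale_ok, hardened_fresh_ok)."""
    weak = SessionStore()
    weak.add_user("alice")
    stale = weak.login("alice")            # constructed: session from before 2FA
    weak.enable_2fa_weak("alice")
    weak_stale_ok = weak.is_authorized_weak(stale)    # True: the flaw

    hard = SessionStore()
    hard.add_user("alice")
    stale = hard.login("alice")
    fresh = hard.enable_2fa_hardened("alice")
    return weak_stale_ok, hard.is_authorized(stale), hard.is_authorized(fresh)


if __name__ == "__main__":
    print(demo())   # (True, False, True)
```

The generation counter is what makes the fix robust: even if a stale token somehow survives in a cache or a replica, the mismatch alone is enough to reject it, and the same counter covers password changes and other posture changes with no extra bookkeeping. Deleting the server-side records is belt-and-braces on top of that.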

Remediation

Users are advised to update to Nagios Fusion version 2024R2.1, where this vulnerability has been addressed.

Added: Oct 27, 2025, 4:18 PM
Updated: Oct 27, 2025, 8:33 PM

Vulnerability Rating

Custom Algorithm

spread           3.1
impact           5.0
exploitability   8.1
remediation      7.7
relevance        0.8
threat           0.0
urgency          2.9
incentive       10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.