CVE-2022-29272
Published: 29 June 2022
Summary
CVE-2022-29272 is a medium-severity Open Redirect (CWE-601) vulnerability in Nagios XI. Its CVSS 3.1 base score is 6.1 (Medium).
Operationally, it ranks in the top 11.2% of CVEs by EPSS exploit likelihood, and it is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Deeper analysis
Nagios XI versions through 5.8.5 contain an open redirect in the login function, classified under CWE-601. A URL supplied by the attacker in the login request is used as the post-authentication redirect target without being checked against the portal's own origin, so the user can be sent to an arbitrary destination; this enables spoofing. The CVSS 3.1 score of 6.1 corresponds to a network attack vector, low attack complexity, no privileges required, user interaction required and changed scope, with low confidentiality and integrity impact and no availability impact (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
An unauthenticated remote attacker exploits the issue by sending a victim a link to the genuine Nagios XI login page that carries a redirect target pointing at a site the attacker controls. Because the link lands on the legitimate domain, the victim has little reason to distrust it; after authenticating, the browser is forwarded to the attacker's site, which can imitate Nagios XI resources to harvest credentials, session material or other secrets.
Vendor change logs referenced in the advisories indicate that the issue is fixed in Nagios XI releases after 5.8.5. The associated EPSS score peaked at 0.0638 on 2025-01-22 and currently stands at 0.0410. EPSS estimates the probability of exploitation activity in the next 30 days, so this reflects a period of elevated predicted exploitation interest after disclosure rather than confirmed in-the-wild use, which is consistent with the CVE's absence from the KEV catalog.
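The fix for this class of bug is to validate the redirect target before the login handler emits it in a Location header. The following is an added example, not Nagios XI code: it shows a validator that only accepts same-site targets, alongside the kind of substring check that lets the common bypasses through. The host `nagios.example.com`, the default landing path and all sample targets are constructed for this demonstration.

```python
"""Redirect-target validation for a login "return to" parameter (CWE-601).

Added example, not code from Nagios XI. ALLOWED_HOST, DEFAULT_TARGET and
the sample targets below are assumptions constructed for the demo.
"""
from urllib.parse import urlsplit

ALLOWED_HOST = "nagios.example.com"  # assumption: the portal's own host
DEFAULT_TARGET = "/nagiosxi/"        # assumption: where to land if rejected


def is_safe_redirect(target: str, allowed_host: str = ALLOWED_HOST) -> bool:
    """Return True only if `target` keeps the browser on `allowed_host`.

    Accepts: plain single-slash relative paths and http(s) URLs whose
    real hostname equals allowed_host.
    Rejects: other hosts, non-http schemes (javascript:, data:),
    protocol-relative (//host) and backslash (/\\host) forms, userinfo
    tricks (allowed@evil), scheme-without-netloc forms (https:evil) and
    any control or whitespace character that browsers would strip.
    """
    if not target:
        return False
    # Browsers strip tabs/newlines and tolerate stray whitespace; reject
    # such input outright instead of trying to normalise it.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in target):
        return False
    parts = urlsplit(target)
    if parts.scheme:
        # Absolute URL: only http(s), and only to our own host.
        if parts.scheme.lower() not in ("http", "https"):
            return False
        # "https:evil.example" parses with an empty netloc but a browser
        # treats it as https://evil.example, so an empty netloc is rejected.
        if not parts.netloc:
            return False
        # .hostname strips userinfo and port, so "allowed@evil" and
        # "allowed:8080" are compared on the host that actually resolves.
        return (parts.hostname or "").lower() == allowed_host.lower()
    if parts.netloc:
        # No scheme but a netloc: protocol-relative "//evil.example/...".
        return False
    # Relative reference: require an absolute path with exactly one
    # leading slash. Browsers rewrite "/\\evil.example" as "//evil.example".
    if not target.startswith("/") or target.startswith(("//", "/\\")):
        return False
    return True


def login_redirect_target(target: str, allowed_host: str = ALLOWED_HOST,
                          default: str = DEFAULT_TARGET) -> str:
    """Value a hardened login handler should place in its Location header."""
    return target if is_safe_redirect(target, allowed_host) else default


def naive_is_safe(target: str, allowed_host: str = ALLOWED_HOST) -> bool:
    """A check that is NOT sufficient: substring match on the trusted host.
    Kept only to show which lures it lets through. Do not use."""
    return allowed_host in target


if __name__ == "__main__":
    # Constructed sample values an attacker might place in the login link.
    samples = [
        "/nagiosxi/index.php",
        "https://nagios.example.com/nagiosxi/",
        "https://evil.example/phish",
        "//evil.example/phish",
        "/\\evil.example/phish",
        "https://nagios.example.com@evil.example/",
        "https://nagios.example.com.evil.example/",
        "javascript:alert(document.cookie)",
        "https:evil.example",
    ]
    for s in samples:
        print(f"{s!r:48} naive={naive_is_safe(s)!s:5} safe={is_safe_redirect(s)}")
```

Running the module prints one line per sample; the lines where `naive=True` and `safe=False` (the `allowed@evil` and `allowed.evil.example` forms) are exactly the lures a substring check would have let through. A handler that falls back to `DEFAULT_TARGET` on rejection keeps the login flow working for users while removing the attacker's control over the destination.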
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-33615
Vulnerability details
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
- CWE(s): CWE-601 (URL Redirection to Untrusted Site, "Open Redirect")
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- Nagios XI through 5.8.5 (fixed in subsequent releases according to the vendor change logs referenced in the advisories)
Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the controls below are derived from the weakness type (CWE-601) cited in the NVD entry.
- Upgrade Nagios XI to a release after 5.8.5, where the vendor change logs indicate the issue is addressed.
- Until upgraded, do not expose the Nagios XI login page to untrusted networks; place it behind a VPN or an authenticating reverse proxy.
- For any redirect-after-login logic, accept only relative paths or URLs whose hostname exactly matches the portal's own host, and fall back to a fixed landing page otherwise; reject protocol-relative (`//host`), backslash (`/\host`), userinfo (`host@evil`) and non-http(s) scheme forms.
- Enforce multi-factor authentication on Nagios XI accounts so that credentials captured on a spoofed page are not sufficient on their own.
- Review web server access logs for login requests whose redirect parameter points at an external host, and treat matches as phishing attempts against monitoring staff.