CVE-2023-40931
Published: 19 September 2023
Summary
CVE-2023-40931 is a medium-severity SQL Injection (CWE-89) vulnerability in Nagios XI (vendor: Nagios). Its CVSS base score is 6.5 (Medium).
Operationally, it is ranked in the top 0.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2023-40931 is a SQL injection vulnerability affecting Nagios XI versions 5.11.0 through 5.11.1. It resides in the banner_message-ajaxhelper.php endpoint, where the ID parameter of an authenticated POST request is not properly sanitized, allowing arbitrary SQL commands to be executed (CWE-89).
An authenticated attacker with low-privileged network access can exploit the flaw without user interaction to extract sensitive data from the underlying database. This matches the CVSS 6.5 rating, which reflects high confidentiality impact with no integrity or availability impact.
Public references point to Nagios product pages and an Outpost24 analysis for further details, though no explicit patch or mitigation guidance is supplied in the available information. The associated EPSS score has reached a current value of 0.8415 with a recorded peak of 0.8844, indicating sustained exploitation interest following disclosure.
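The weakness class described above, as an added illustration that is not code from Nagios or from this record: a handler that splices the request's id parameter straight into SQL text, beside a hardened version that validates the parameter and binds it as a placeholder. The table, column names and messages are constructed stand-ins; the real handler's code and schema are not on the page.

```python
import re
import sqlite3

def make_db():
    # Constructed in-memory table standing in for the banner-message storage (assumed schema).
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE banner_messages (id INTEGER PRIMARY KEY, message TEXT, internal_only INTEGER)"
    )
    conn.executemany(
        "INSERT INTO banner_messages VALUES (?, ?, ?)",
        [
            (1, "Scheduled maintenance Friday", 0),
            (2, "Internal: DB credentials rotated", 1),  # constructed sensitive row
        ],
    )
    return conn

def lookup_vulnerable(conn, raw_id):
    # CWE-89 pattern: untrusted request input becomes part of the SQL statement itself,
    # so the input can change what the query selects (confidentiality impact).
    sql = "SELECT id, message FROM banner_messages WHERE id = " + raw_id
    return conn.execute(sql).fetchall()

def parse_id(raw_id):
    # Allow-list validation: the parameter must be a plain decimal integer, nothing else.
    if not isinstance(raw_id, str) or re.fullmatch(r"[0-9]+", raw_id) is None:
        raise ValueError("id must be a decimal integer")
    return int(raw_id)

def lookup_hardened(conn, raw_id):
    # Validated integer bound through a placeholder; input can never alter the statement.
    msg_id = parse_id(raw_id)
    return conn.execute(
        "SELECT id, message FROM banner_messages WHERE id = ?", (msg_id,)
    ).fetchall()

def hardened_rejects(conn, raw_id):
    # True when the hardened handler refuses the input instead of querying with it.
    try:
        lookup_hardened(conn, raw_id)
    except ValueError:
        return True
    return False
```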
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-45470
Vulnerability details
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.