Authorization Flaw in Nagios XI Auto-Discovery Functionality
CVE-2013-10072

7.2 HIGH

Key Information:

Vendor

Nagios

Status
Vendor
CVE Published: 30 October 2025

What is CVE-2013-10072?

An authorization flaw in Nagios XI versions before 2012R1.6 allows users with read-only roles to access Auto-Discovery endpoints. This flaw exposes sensitive discovery results and enables unauthorized operations that should require elevated permissions, posing a significant risk to user data and system integrity. Users are advised to update to the latest version to mitigate this security concern.

Affected Version(s)

XI 0 < 2012R1.6

CVSS V4

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

James Clawson