CVE-2013-10072

6.5 MEDIUM

📋 TL;DR

Nagios XI versions before 2012R1.6 have an authorization flaw in Auto-Discovery functionality. Users with read-only permissions can access Auto-Discovery endpoints and pages that should require elevated privileges, exposing discovery results and allowing unauthorized access to discovery operations. This affects organizations using vulnerable Nagios XI versions for monitoring.

💻 Affected Systems

Products:
  • Nagios XI
Versions: All versions prior to 2012R1.6
Operating Systems: All platforms running Nagios XI
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations with Auto-Discovery functionality enabled and users with read-only roles.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Read-only users could access sensitive network discovery data and modify discovery operations, potentially leading to disclosure of information about network infrastructure and to unauthorized configuration changes.

🟠

Likely Case

Read-only users gain unintended access to network discovery results, exposing internal network topology and device information that should be restricted to administrators.

🟢

If Mitigated

With proper role-based access controls, only authorized administrators can access Auto-Discovery functionality, limiting exposure of sensitive network information.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated read-only user access. Attackers with valid read-only credentials can directly access restricted Auto-Discovery endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2012R1.6 or later

Vendor Advisory: https://www.nagios.com/changelog/nagios-xi/

Restart Required: No

Instructions:

1. Back up the current Nagios XI configuration.
2. Download and install Nagios XI 2012R1.6 or later from the official Nagios website.
3. Follow the upgrade instructions in the Nagios XI documentation.
4. Verify that authorization controls are properly enforced.

🔧 Temporary Workarounds

Disable Auto-Discovery functionality

Applies to: all

Temporarily disable the Auto-Discovery feature to prevent unauthorized access while planning the upgrade.

Steps: Navigate to Admin > System Extensions > Manage Components and disable Auto-Discovery.

Restrict user access

Applies to: all

Review and minimize read-only user accounts and implement strict access controls.

Steps: Review user roles in Admin > Users and remove unnecessary read-only accounts.

🧯 If You Can't Patch

  • Implement network segmentation to isolate Nagios XI from sensitive network segments
  • Enhance monitoring of Auto-Discovery access logs for unauthorized activity

🔍 How to Verify

Check if Vulnerable:

Check the Nagios XI version in Admin > About. If the version is earlier than 2012R1.6, the system is vulnerable.

Check Version:

Check the Admin > About page in the Nagios XI web interface, or examine the /usr/local/nagiosxi/var/xiversion file.

Verify Fix Applied:

After the upgrade, verify that the version is 2012R1.6 or later. Using a read-only user account, confirm that the Auto-Discovery endpoints return authorization errors instead of content.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to Auto-Discovery endpoints by read-only users
  • Access to /nagiosxi/admin/discovery.php or similar discovery pages by non-admin users

Network Indicators:

  • HTTP requests to Auto-Discovery endpoints from non-admin user accounts

SIEM Query:

source="nagios_xi_logs" AND (uri_path="/nagiosxi/admin/discovery*" OR uri_path="/nagiosxi/includes/components/discovery*") AND user_role="read-only"
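The following is an added example, not code from the advisory or from Nagios, that applies the same logic as the SIEM query above to web-server access logs offline. It assumes Apache combined log format with the Nagios XI username in the remote-user field and a user-to-role map exported from Admin > Users (both assumptions); the sample log lines are constructed. Because it reports the HTTP status of each hit, it also serves the post-upgrade check: a read-only hit answered with 200 means the endpoint was served, while 403 or a redirect means the authorization control is now enforced.

```python
import re

# Assumption: Apache combined log format, with the Nagios XI username in the
# third (remote-user) field. Real deployments may log differently.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Endpoint prefixes named in the SIEM query above.
DISCOVERY_PREFIXES = (
    "/nagiosxi/admin/discovery",
    "/nagiosxi/includes/components/discovery",
)


def find_readonly_discovery_access(lines, roles):
    """Return (user, path, status) for every request to an Auto-Discovery
    endpoint made by a user whose role (per the roles map) is 'read-only'."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        path = m.group("path").split("?", 1)[0]  # drop the query string
        if not path.startswith(DISCOVERY_PREFIXES):
            continue
        user = m.group("user")
        if roles.get(user) == "read-only":
            hits.append((user, path, int(m.group("status"))))
    return hits


# Constructed sample data (hypothetical users and log lines, not real logs).
SAMPLE_ROLES = {"nagiosadmin": "admin", "viewer": "read-only"}
SAMPLE_LOG = [
    '10.0.0.5 - viewer [12/Mar/2013:10:01:02 +0000] "GET /nagiosxi/admin/discovery.php HTTP/1.1" 200 5123',
    '10.0.0.5 - viewer [12/Mar/2013:10:01:05 +0000] "GET /nagiosxi/includes/components/discovery/index.php?job=3 HTTP/1.1" 200 2048',
    '10.0.0.7 - nagiosadmin [12/Mar/2013:10:02:00 +0000] "GET /nagiosxi/admin/discovery.php HTTP/1.1" 200 5123',
    '10.0.0.5 - viewer [12/Mar/2013:10:03:00 +0000] "GET /nagiosxi/index.php HTTP/1.1" 200 900',
    '10.0.0.9 - - [12/Mar/2013:10:04:00 +0000] "GET /nagiosxi/login.php HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for user, path, status in find_readonly_discovery_access(SAMPLE_LOG, SAMPLE_ROLES):
        print(f"ALERT: read-only user {user} reached {path} (HTTP {status})")
```

Only the two "viewer" requests to discovery paths are reported; the admin's request and the viewer's request to index.php are not.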

🔗 References
