CVE-2022-46945

9.1 CRITICAL

📋 TL;DR

CVE-2022-46945 is an arbitrary file read vulnerability in NagVis versions before 1.9.34. Attackers can exploit the NagVisHoverUrl.php component to read sensitive files on the server. Organizations running NagVis for network monitoring are affected.

💻 Affected Systems

Products:
  • NagVis
Versions: All versions before 1.9.34
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: NagVis is typically deployed as part of Nagios or Checkmk monitoring solutions.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through reading configuration files containing credentials, followed by lateral movement or privilege escalation.
🟠 Likely Case: Exfiltration of sensitive configuration data, credentials, or system files leading to further attacks.
🟢 If Mitigated: Limited to reading non-sensitive files if proper file permissions and network segmentation are implemented.

🌐 Internet-Facing: HIGH - Directly exploitable via web interface without authentication.
🏢 Internal Only: HIGH - Internal attackers or compromised systems can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP requests can trigger the vulnerability. Public exploit code exists in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.9.34

Vendor Advisory: https://github.com/NagVis/nagvis/commit/71aba7f46f79d846e1df037f165d206a2cd1d22a

Restart Required: No

Instructions:

1. Back up the current NagVis installation.
2. Download NagVis 1.9.34 or later from the official repository.
3. Replace affected files or perform a full upgrade.
4. Verify the fix by checking the version.

🔧 Temporary Workarounds

Restrict file access via web server

linux

Configure web server to block access to sensitive directories and limit file read operations.

# Apache: Add to .htaccess
<Files "NagVisHoverUrl.php">
    Deny from all
</Files>
# Nginx: Add to server block
location ~ /core/classes/NagVisHoverUrl\.php {
    deny all;
}

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate NagVis from sensitive systems.
  • Deploy web application firewall (WAF) with rules to block arbitrary file read patterns.

🔍 How to Verify

Check if Vulnerable:

Check the NagVis version: if it is below 1.9.34, the system is vulnerable. Review access logs for suspicious requests to NagVisHoverUrl.php.

Check Version:

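# A single-quoted shell string cannot contain an escaped single quote,
# so the pattern is double-quoted; field 4 is the version string.
grep "define('CONST_VERSION'" /path/to/nagvis/share/nagvis/includes/defines/global.php | cut -d"'" -f4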

Verify Fix Applied:

Confirm the NagVis version is 1.9.34 or higher. Test that file read attempts via NagVisHoverUrl.php are blocked.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /core/classes/NagVisHoverUrl.php with file path parameters
  • Unusual file access patterns in web server logs

Network Indicators:

  • HTTP GET requests containing file paths in parameters to NagVis endpoints

SIEM Query:

source="web_access.log" AND url="/core/classes/NagVisHoverUrl.php" AND (param="file" OR param="path")
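
The log indicators and SIEM query above, implemented as a small access-log scanner. This is an added example, not code from the advisory or from the NagVis project. The log lines are constructed, the `file` and `path` parameter names are taken from the SIEM query above, and treating http(s) values as benign is an assumption.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request portion of a Common/Combined Log Format line.
REQ = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
ENDPOINT = "nagvishoverurl.php"
# Assumption: a value that starts like a filesystem path or a file: URI is
# suspicious, while an ordinary http(s) URL value is not.
PATHLIKE = re.compile(r"^(?:/|\.{1,2}/|file:)", re.IGNORECASE)

def suspicious_params(target):
    """Return [(name, decoded_value)] for path-like query values sent to the endpoint."""
    parts = urlsplit(target)
    if ENDPOINT not in unquote(parts.path).lower():
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = unquote(value)  # parse_qsl decoded once; this catches double encoding
        if PATHLIKE.match(decoded) or "../" in decoded:
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return one finding per suspicious parameter, with the response status for triage."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = REQ.match(line)
        if not m:
            continue  # not an access-log request line
        for name, value in suspicious_params(m["target"]):
            findings.append({"line": lineno, "ip": m["ip"], "status": int(m["status"]),
                             "param": name, "value": value})
    return findings

# Constructed sample log lines (documentation IP ranges, made-up values).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2023:10:00:01 +0000] "GET /core/classes/NagVisHoverUrl.php?file=%2Fetc%2Fhostname HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Jan/2023:10:00:05 +0000] "GET /core/classes/NagVisHoverUrl.php?path=%252Fetc%252Fhostname HTTP/1.1" 403 199',
    '192.0.2.4 - - [10/Jan/2023:10:01:00 +0000] "GET /core/classes/NagVisHoverUrl.php?file=https%3A%2F%2Fintranet.example%2Fhover.html HTTP/1.1" 200 1024',
    '192.0.2.4 - - [10/Jan/2023:10:01:09 +0000] "GET /index.php?file=/etc/hostname HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with status 200 means the request was served and should be triaged first; a 403 indicates the web server workaround or a WAF rule blocked it.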
