Vulnerability Details : CVE-2016-0726
The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.
Exploit prediction scoring system (EPSS) score for CVE-2016-0726
Probability of exploitation activity in the next 30 days: 0.48%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 75 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-0726
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
|
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2016-0726
-
The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-0726
-
https://bugzilla.redhat.com/show_bug.cgi?id=1295446
1295446 – (CVE-2016-0726) CVE-2016-0726 nagios: Configured administrative account with fixed password and no IP restriction as defaultThird Party Advisory
Products affected by CVE-2016-0726
- cpe:2.3:a:nagios:nagios:-:*:*:*:*:*:*:*