{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-01-04T00:00:00", "descriptions": [{"lang": "en", "value": "The Fedora Nagios package uses \"nagiosadmin\" as the default password for the \"nagiosadmin\" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-06T17:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1295446"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:30:03.556Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1295446"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-0726", "datePublished": "2017-06-06T18:00:00", "dateReserved": "2015-12-16T00:00:00", "dateUpdated": "2024-08-05T22:30:03.556Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nagios:nagios:-:*:*:*:*:*:*:*", "matchCriteriaId": "F89339E6-5484-4D0F-B834-FDD743C094B3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Fedora Nagios package uses \"nagiosadmin\" as the default password for the \"nagiosadmin\" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials."}, {"lang": "es", "value": "El paquete Fedora Nagios utiliza \"nagiosadmin\" como contrase\u00f1a predeterminada para la cuenta de administrador \"nagiosadmin\", lo que facilita a los atacantes remotos obtener acceso aprovechando el conocimiento de las credenciales."}], "id": "CVE-2016-0726", "lastModified": "2017-06-22T18:32:55.527", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-06T18:29:00.277", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1295446"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "nagios: Configured administrative account with fixed password and no IP restriction as default", "id": "1295446", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1295446"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "draft"}, "cwe": "CWE-798->CWE-200", "details": ["The Fedora Nagios package uses \"nagiosadmin\" as the default password for the \"nagiosadmin\" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials."], "name": "CVE-2016-0726", "package_state": [{"cpe": "cpe:/a:redhat:openstack:5::el6", "fix_state": "Will not fix", "package_name": "nagios", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)"}, {"cpe": "cpe:/a:redhat:openstack:6", "fix_state": "Will not fix", "package_name": "nagios", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)"}, {"cpe": "cpe:/a:redhat:openstack:7", "fix_state": "Will not fix", "package_name": "nagios", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)"}, {"cpe": "cpe:/a:redhat:storage:3.1", "fix_state": "Will not fix", "package_name": "nagios", "product_name": "Red Hat Gluster Storage 3.1"}], "public_date": "2016-01-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-0726\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0726"], "threat_severity": "Low"}