CNNVD-202510-3534 Information
CNNVD ID
CNNVD-202510-3534
Related CVE
- CNNVD Published: 2025-10-27
Description (Chinese)
Nagios Fusion是美国Nagios公司的一个集中监控与可视化平台。 Nagios Fusion v2024R1.2版本和v2024R2版本存在安全漏洞,该漏洞源于OTP验证组件缺少速率限制,可能导致暴力破解攻击绕过身份验证。
Description (English)
Nagios Fusion is a centralized surveillance and visualization platform of the United States company Nagios. There is a security loophole in the Nagios Fusion v2024R1.2 and v2024R2 versions, which stems from the lack of speed limits for the OTP validation component, which could lead to violent break-up attacks bypassing identification.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Nagios
Published
2025-10-27
Last Modified
2026-02-24
References
https://github.com/aakashtyal/2FA-Bypass-using-a-Brute-Force-Attack https://github.com/aakashtyal/2FA-Bypass-using-a-Brute-Force-Attack-CVE-2025-60424 https://www.nagios.com/changelog/#fusion https://access.redhat.com/security/cve/cve-2025-60424
Patch
https://www.nagios.com/products/nagios-fusion/
Share on: