CVE-2022-46945 in Nagvis
Summary
by MITRE • 05/26/2023
Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 05/24/2025
The vulnerability identified as CVE-2022-46945 affects Nagvis versions prior to 1.9.34 and represents a critical arbitrary file read flaw within the core application components. This vulnerability exists within the /core/classes/NagVisHoverUrl.php file, which processes URL parameters without adequate input validation or sanitization mechanisms. The flaw allows remote attackers to retrieve arbitrary files from the target system through crafted requests that manipulate the URL parameter handling logic.
The technical implementation of this vulnerability stems from insufficient validation of user-supplied input within the NagVisHoverUrl.php class. When the application processes URL requests containing file path parameters, it fails to properly sanitize or restrict the input, enabling attackers to traverse the file system and access sensitive files that should remain protected. This type of vulnerability falls under CWE-22 - Improper Limitation of a Pathname to a Restricted Directory, which is a well-documented weakness in web application security where applications fail to properly restrict file access based on user input. The vulnerability allows for directory traversal attacks that can potentially expose configuration files, database credentials, application source code, and other sensitive system artifacts.
The operational impact of this vulnerability is severe as it provides attackers with the capability to extract confidential information from the affected system. An attacker could potentially access database connection strings, administrative credentials, application configuration files, and other sensitive data that could lead to further compromise of the system. The vulnerability enables a wide range of malicious activities including information disclosure, privilege escalation, and potential system compromise. Given that Nagvis is typically used for network monitoring and visualization, the exposure of sensitive network information could provide attackers with valuable intelligence for further attacks within the network infrastructure.
Mitigation strategies for this vulnerability require immediate patching of the Nagvis application to version 1.9.34 or later, which contains the necessary fixes for the file path validation issues. Organizations should also implement network segmentation and access controls to limit exposure of the Nagvis application to untrusted networks. The remediation process should include comprehensive security testing to ensure that no other similar vulnerabilities exist within the application codebase. Additionally, implementing web application firewalls and input validation rules can provide additional layers of protection against similar attacks. According to ATT&CK framework, this vulnerability maps to T1566 - Phishing and T1083 - File and Directory Discovery, as it enables attackers to discover and access files on the target system through legitimate application interfaces. System administrators should also conduct regular security audits of web applications to identify and remediate similar path traversal vulnerabilities that could exist in other components of the infrastructure.