Loading
Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network path can intercept credentials in transit. Captured credentials could allow the attacker to authenticate as a cluster node or service account, enabling further unauthorized access, lateral movement, or system compromise.
Use CWE-319, Nagios vendor hub and Log Server product page to widen CVE-2025-34271 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-34277, CVE-2025-34274 and CVE-2025-34298 for nearby disclosures in the same product family.