CVE-2016-9565
Nagios < 4.2.2 - Arbitrary Code Execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796.
MagpieRSS, como es usado en el componente front-end en Nagios Core en versiones anteriores a 4.2.2 podría permitir a atacantes remotos leer o escribir archivos arbitrarios falsificando una respuesta manipulada del servidor de alimentación Nagios RSS. NOTA: esta vulnerabilidad existe debido a una incompleta reparación de CVE-2008-4796.
It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system.
Nagios Core versions prior to 4.2.2 suffer from a curl command injection vulnerability that can lead to remote code execution.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-11-22 CVE Reserved
- 2016-12-15 CVE Published
- 2023-03-21 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
- CWE-284: Improper Access Control
CAPEC
References (18)
URL | Tag | Source |
---|---|---|
http://seclists.org/fulldisclosure/2016/Dec/57 | Mailing List | |
http://www.securityfocus.com/archive/1/539925/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/94922 | Third Party Advisory | |
http://www.securitytracker.com/id/1037488 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2017-0211.html | 2018-10-09 | |
http://rhn.redhat.com/errata/RHSA-2017-0212.html | 2018-10-09 | |
http://rhn.redhat.com/errata/RHSA-2017-0213.html | 2018-10-09 | |
http://rhn.redhat.com/errata/RHSA-2017-0214.html | 2018-10-09 | |
http://rhn.redhat.com/errata/RHSA-2017-0258.html | 2018-10-09 | |
http://rhn.redhat.com/errata/RHSA-2017-0259.html | 2018-10-09 | |
https://security.gentoo.org/glsa/201702-26 | 2018-10-09 | |
https://security.gentoo.org/glsa/201710-20 | 2018-10-09 | |
https://www.nagios.org/projects/nagios-core/history/4x | 2018-10-09 | |
https://access.redhat.com/security/cve/CVE-2016-9565 | 2017-02-07 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1405363 | 2017-02-07 |