CVE-2019-15949

Nagios XI Remote Code Execution Vulnerability

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root.

Nagios XI en versiones anteriores a la 5.6.6 permite la ejecución remota de comandos como root. La explotación requiere acceso al servidor como usuario nagios, o acceso como usuario administrador a través de la interfaz web. El script getprofile.sh, invocado al descargar un perfil del sistema (profile.php?cmd=download), se ejecuta como root mediante una entrada de sudo sin contraseña; el script ejecuta check_plugin, propiedad del usuario nagios. Un usuario que inició sesión en Nagios XI con permisos para modificar complementos, o el usuario de nagios en el servidor, puede modificar el ejecutable check_plugin e insertar comandos maliciosos para ejecutar como root.

Nagios XI contains a remote code execution vulnerability in which a user can modify the check_plugin executable and insert malicious commands to execute as root.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-09-05 CVE Reserved
2019-09-05 CVE Published
2020-03-10 First Exploit
2021-11-03 Exploited in Wild
2022-05-03 KEV Due Date
2024-08-05 CVE Updated
2024-11-09 EPSS Updated

CWE

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CAPEC

References (5)

URL	Tag	Source
-

URL	Date	SRC
https://www.exploit-db.com/exploits/48191	2020-03-10
http://packetstormsecurity.com/files/156676/Nagios-XI-Authenticated-Remote-Command-Execution.html	2024-08-05
http://packetstormsecurity.com/files/162158/Nagios-XI-getprofile.sh-Remote-Command-Execution.html	2024-08-05
https://github.com/jakgibb/nagiosxi-root-rce-exploit	2024-08-05

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Nagios Search vendor "Nagios"		Nagios Xi Search vendor "Nagios" for product "Nagios Xi"				< 5.6.6 Search vendor "Nagios" for product "Nagios Xi" and version " < 5.6.6"		-		Affected