Skip to content

Instantly share code, notes, and snippets.

@caleBot
Created April 17, 2018 19:36
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save caleBot/f0a93b5a98574393e0139104eacc2d0f to your computer and use it in GitHub Desktop.
NagiosXI remote root vulnerability CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736
These vulnerabilities together result in NagiosXI being vulnerable to an unauthenticated remote root command injection.
CVE-2018-8733
Authentication bypass vulnerability in the core config manager in
Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated
attacker to make configuration changes and leverage an authenticated
SQL injection vulnerability.
CVE-2018-8734
SQL injection vulnerability in the core config manager in Nagios XI
5.2.x through 5.4.x before 5.4.13 allows an attacker to execute
arbitrary SQL commands via the selInfoKey1 parameter.
CVE-2018-8735
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through
5.4.x before 5.4.13 allows an attacker to execute arbitrary commands
on the target system, aka OS command injection.
CVE-2018-8736
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x
before 5.4.13 allows an attacker to leverage an RCE vulnerability
escalating to root.
------------------------------------------
[VulnerabilityType Other]
CWE-78, CWE-89, CWE-305. CWE-269
------------------------------------------
[Reference]
https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
------------------------------------------
[Affected Product Code Base]
NagiosXI - 5.4.0-12
NagiosXI - 5.3.*
NagiosXI - 5.2.*
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
remote and un-authenticated
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Benny Husted, Jared Arave, Cale Smith
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment