Instantly share code, notes, and snippets.

Embed
What would you like to do?
NagiosXI remote root vulnerability CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736
These vulnerabilities together result in NagiosXI being vulnerable to an unauthenticated remote root command injection.
CVE-2018-8733
Authentication bypass vulnerability in the core config manager in
Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated
attacker to make configuration changes and leverage an authenticated
SQL injection vulnerability.
CVE-2018-8734
SQL injection vulnerability in the core config manager in Nagios XI
5.2.x through 5.4.x before 5.4.13 allows an attacker to execute
arbitrary SQL commands via the selInfoKey1 parameter.
CVE-2018-8735
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through
5.4.x before 5.4.13 allows an attacker to execute arbitrary commands
on the target system, aka OS command injection.
CVE-2018-8736
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x
before 5.4.13 allows an attacker to leverage an RCE vulnerability
escalating to root.
------------------------------------------
[VulnerabilityType Other]
CWE-78, CWE-89, CWE-305. CWE-269
------------------------------------------
[Reference]
https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
------------------------------------------
[Affected Product Code Base]
NagiosXI - 5.4.0-12
NagiosXI - 5.3.*
NagiosXI - 5.2.*
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
remote and un-authenticated
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Benny Husted, Jared Arave, Cale Smith
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment