Published: 05/09/2019 Updated: 15/04/2021

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 906

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Nagios XI prior to 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nagios nagios xi

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager def initialize(info = {}) super(update_info(info, ...

POC which exploits a vulnerability within Nagios XI (5.6.5) to spawn a root shell

nagiosxi-root-exploit Overview A vulnerability exists in Nagios XI <= 565 allowing an attacker to leverage an RCE to escalate privileges to root The exploit requires access to the server as the 'nagios' user, or CCM access via the web interface with perissions to manage plugins Details The getprofilesh script, invoked by downloading a system profile (profi

TryHackMe Writeups This repository contains a few of my writeups I made for the famous and addictive TryHackMe CTF (Capture The Flag) challenges Check out the TryHackMe website for your subscription! Find more information on the TryHackMe website: tryhackmecom Here's a link to my profile on TryHackMe: Note: you can also look at these documents here through the

This repository contains a few of my writeups I made for the famous and addictive TryHackMe CTF (Capture The Flag) challenges.

TryHackMe Writeups This repository contains a few of my writeups I made for the famous and addictive TryHackMe CTF (Capture The Flag) challenges Check out the TryHackMe website for your subscription! Find more information on the TryHackMe website: tryhackmecom Here's a link to my profile on TryHackMe: Note: you can also look at these documents here through the

CVE-2019–15949 for Nagiosxi < 5.6.6

Nagiosxi CVE-2019–15949 A proof-of-concept for CVE-2019–15949 Nagiosxi Authenticated RCE Getting Started Executing program With python3 python3 exploitpy -t 'nagiosxi/' -b /nagiosxi/ -u username -p password -lh 127001 -lp 1337 Help For help menu: python3 exploitpy -h

CWE-78 https://github.com/jakgibb/nagiosxi-root-rce-exploit http://packetstormsecurity.com/files/156676/Nagios-XI-Authenticated-Remote-Command-Execution.html http://packetstormsecurity.com/files/162158/Nagios-XI-getprofile.sh-Remote-Command-Execution.html https://nvd.nist.gov https://www.exploit-db.com/exploits/48191 https://github.com/jakgibb/nagiosxi-root-rce-exploit

CVE-2019-15949

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect