CVE-2019-9166

Published: 28/03/2019 Updated: 06/10/2022
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Privilege escalation in Nagios XI prior to 5.5.11 allows local malicious users to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.

Vulnerable Product

nagios nagios xi

Exploits

Various vulnerabilities have been found in Nagios XI version 5.5.10, which allow a remote attacker able to trick an authenticated victim (with "autodiscovery job" creation privileges) to visit a malicious URL to obtain a remote root shell via a reflected cross-site scripting, an authenticated remote code execution and a local privilege escalation ...

Github Repositories

Nagios IM 2.6 remote code execution exploit: CSRF + SQLi + RCE + LPE --> remote root

CVE-2019-9202 Nagios IM 2.6 remote code execution exploit: CSRF + SQLi + RCE + LPE --> remote root

Description

By chaining a Cross-Site Request Forgery (CSRF) / authorization bypass (CVE-2019-9203) it is possible to exploit a Union-based SQL injection (CVE-2019-9204), a Remote Code Execution (RCE) (CVE-2019-9202) and a Local Privilege Escalation (LPE) (CVE-2019-9166), ob