CVE-2019-9202

Published: 28/03/2019 Updated: 06/10/2022
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Nagios IM (component of Nagios XI) prior to 2.2.7 allows authenticated users to execute arbitrary code via API key issues.

Vulnerable Product

nagios incident manager

Exploits

Various vulnerabilities have been found in Nagios XI version 5510, which allow a remote attacker who is able to trick an authenticated victim (with "autodiscovery job" creation privileges) into visiting a malicious URL to obtain a remote root shell via a reflected cross-site scripting, an authenticated remote code execution and a local privilege escalation ...

Github Repositories

Nagios IM 2.6 remote code execution exploit: CSRF + SQLi + RCE + LPE --> remote root

Description: By chaining a Cross-Site Request Forgery (CSRF) / authorization bypass (CVE-2019-9203) it is possible to exploit a Union-based SQL injection (CVE-2019-9204), a Remote Code Execution (RCE) (CVE-2019-9202) and a Local Privilege Escalation (LPE) (CVE-2019-9166), ob