CVE-2020-35578

Published: 13/01/2021 Updated: 26/04/2021
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 940
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

An issue exists in the Manage Plugins page in Nagios XI prior to 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands.

Vulnerable Products

nagios / nagios xi

Exploits

- Nagios XI version 5.7.x authenticated remote code execution exploit ...
- This Metasploit module exploits a command injection vulnerability in the /admin/monitoringplugins.php page of Nagios XI versions prior to 5.8.0 when uploading plugins. Successful exploitation allows an authenticated admin user to achieve remote code execution as the apache user by uploading a malicious plugin. Valid credentials for a Nagios XI admi ...

Metasploit Modules

Nagios XI Prior to 5.8.0 - Plugins Filename Authenticated Remote Code Execution

This module exploits a command injection vulnerability (CVE-2020-35578) in the `/admin/monitoringplugins.php` page of Nagios XI versions prior to 5.8.0 when uploading plugins. Successful exploitation allows an authenticated admin user to achieve remote code execution as the `apache` user by uploading a malicious plugin. Valid credentials for a Nagios XI admin user are required. This module has been successfully tested against Nagios XI versions 5.3.0 and 5.7.5, both running on CentOS 7.

msf > use exploit/linux/http/nagios_xi_plugins_filename_authenticated_rce
msf exploit(nagios_xi_plugins_filename_authenticated_rce) > show targets
    ...targets...
msf exploit(nagios_xi_plugins_filename_authenticated_rce) > set TARGET < target-id >
msf exploit(nagios_xi_plugins_filename_authenticated_rce) > show options
    ...show and set options...
msf exploit(nagios_xi_plugins_filename_authenticated_rce) > exploit