Published: 15/02/2021 Updated: 08/08/2023

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 940

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nagios nagios xi 5.7.5

Nagios XI version 575 suffers from a cross site scripting and multiple remote code execution vulnerabilities ...

This Metasploit module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 556 to 575 as the apache user Valid credentials for a Nagios XI ...

This module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 556 to 575 as the apache user Vali ...

This module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 as the apache user. Valid credentials for a Nagios XI user are required. This module has been successfully tested against official NagiosXI OVAs from 5.5.6-5.7.5.

msf > use exploit/linux/http/nagios_xi_configwizards_authenticated_rce
msf exploit(nagios_xi_configwizards_authenticated_rce) > show targets
    ...targets...
msf exploit(nagios_xi_configwizards_authenticated_rce) > set TARGET < target-id >
msf exploit(nagios_xi_configwizards_authenticated_rce) > show options
    ...show and set options...
msf exploit(nagios_xi_configwizards_authenticated_rce) > exploit

Bugs reported to Nagios XI

nagios-xi-575-bugs Bugs reported to Nagios XI CVE-2021-25296 Code Location /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmiincphp Code snippet if (!empty($plugin_output_len)) { $disk_wmi_command = " --forcetruncateoutput " $plugin_output_len; $service_wmi_command = " --forcetruncateoutput " $plugin_output_len; $proc

NVD-CWE-Other http://nagios.com https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md https://assets.nagios.com/downloads/nagiosxi/versions.php http://packetstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.html http://packetstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.html https://www.fastly.com/blog/anatomy-of-a-command-injection-cve-2021-25296-7-8-with-metasploit-module-and https://nvd.nist.gov https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs https://packetstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.html

CVE-2021-25298

Vulnerability Summary

Vulnerability Trend

Exploits

Metasploit Modules

Github Repositories

References

Vulmon Search

About

Products

Connect