CVE-2021-25299

Published: 15/02/2021 Updated: 04/03/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal the admin's session cookies, or it can be chained with the previously reported bugs to achieve one-click remote command execution (RCE) on the Nagios XI server.

Vulnerable Product

nagios nagios xi 5.7.5

Exploits

Nagios XI version 5.7.5 suffers from cross-site scripting and multiple remote code execution vulnerabilities ...

Github Repositories

nagios-xi-575-bugs: Bugs reported to Nagios XI

CVE-2021-25296
Code Location: /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php
Code snippet:

    if (!empty($plugin_output_len)) {
        $disk_wmi_command = " --forcetruncateoutput " . $plugin_output_len;
        $service_wmi_command = " --forcetruncateoutput " . $plugin_output_len;
        $proc