CVE-2020-5791

🗓️ 20 Oct 2020 21:22:00Reported by tenableType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 157 Views🌐 WEB

Improper neutralization of special elements in Nagios XI 5.7.3 allows remote code execution

Reporter	Title	Published	Views	Family All 18
0day.today	Nagios XI 5.7.3 Remote Code Execution Exploit	19 Apr 202100:00	–	zdt
Circl	CVE-2020-5791	26 Mar 202123:19	–	circl
CNVD	Nagios XI OS Command Injection Vulnerability (CNVD-2020-58765)	26 Oct 202000:00	–	cnvd
Check Point Advisories	Nagios XI mibs.php Command Injection (CVE-2020-5791)	28 Nov 202000:00	–	checkpoint_advisories
Check Point Advisories	Nagios XI Command Injection (CVE-2020-5791)	29 Nov 202000:00	–	checkpoint_advisories
Cvelist	CVE-2020-5791	20 Oct 202021:22	–	cvelist
Exploit DB	Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection (Authenticated)	28 Oct 202000:00	–	exploitdb
Metasploit	Nagios XI Scanner	27 Mar 202117:42	–	metasploit
Metasploit	Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Exection	17 Apr 202117:41	–	metasploit
NCSC	Vulnerabilities fixed in Nagios XI	21 Oct 202000:00	–	ncsc

NVD

Node

nagios nagios_xiRange5.6.0–5.7.3

[
  {
    "product": "Nagios XI",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "5.7.3"
      }
    ]
  }
]

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/162235/Nagios-XI-5.7.3-Remote-Code-Execution.html
tenable	www.tenable.com/security/research/tra-2020-58
packetstormsecurity	www.packetstormsecurity.com/files/159743/Nagios-XI-5.7.3-Remote-Command-Injection.html

Parameter	Position	Path	Description	CWE
file	query param	admin/mibs.php	OS command injection via the file parameter in admin/mibs.php allows an authenticated admin to execute OS commands as the apache/www-data user.	CWE-78

21 Nov 2024 05:34Current

7High risk

Vulners AI Score7

CVSS 3.17.2

CVSS 29

EPSS0.87753

CWE-78

cve-2020-5791 os command nagios xi remote code execution nvd