
Nagios XI Network Monitor 2011R1.9 OS Command Injection

30 Nov 2012 00:00:00 | Reported by Daniel Compton | Type: packetstorm | Source: packetstormsecurity.com

Nagios XI 2011R1.9 OS Command Injection in Network Monitor

Code
`=======  
Summary  
=======  
Name: Nagios XI Network Monitor - OS Command Injection  
Release Date: 30 November 2012  
Reference: NGS00196  
Discoverer: Daniel Compton <[email protected]>  
Vendor: Nagios  
Vendor Reference: 0000283  
Systems Affected: Nagios XI Network Monitor 2011R1.9  
Risk: High  
Status: Published  
  
========  
TimeLine  
========  
Discovered: 30 January 2012  
Released: 31 January 2012  
Approved: 31 January 2012  
Reported: 31 January 2012  
Fixed: 23 May 2012  
Published: 30 November 2012  
  
===========  
Description  
===========  
Nagios XI Network Monitor 2011R1.9 - OS Command Injection/Execution within the administrator/monitoring interface. This is a commercial product for monitoring servers and network monitoring equipment.  
  
I. VULNERABILITY  
-------------------------  
Nagios XI Network Monitor 2011R1.9 suffers from OS command injection in several pages and parameters. This is exploitable as an authenticated user.  
  
II. BACKGROUND  
-------------------------  
Nagios provides enterprise-level network and server monitoring software.  
  
http://www.nagios.com/  
  
III. DESCRIPTION  
-------------------------  
OS command injection has been found and exploited/confirmed within the software as an authenticated user. This is the latest version of Nagios XI.  
  
  
=================  
Technical Details  
=================  
IV. PROOF OF CONCEPT  
-------------------------  
The following URL and parameters have all been confirmed to suffer from OS command injection.  
  
/nagiosxi/includes/components/graphexplorer/visApi.php (GET parameters:  
host, service, opt, end, start)  
  
URL:  
  
http://192.168.1.121/nagiosxi/includes/components/graphexplorer/visApi.php?type=stack&host=localhost`cat%20/etc/passwd%20>%20/tmp/passwd.txt`&service=Swap_Usage&div=visContainer1566841654&opt=days  
  
Result: creates a new file with /etc/passwd contents.  
  
===============  
Fix Information  
===============  
Resolved in SVN 1.3 of Graph Explorer  
  
http://exchange.nagios.org/directory/Addons/Components/Graph-Explorer-Component/details  
  
CHANGES:   
1.3 05/23/2012   
========================   
- Fixed shell vulnerabilities (reported by Daniel Compton from NGS Secure)   
  
NCC Group Research  
http://www.nccgroup.com/research  
  
  
`
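
A detection check for the request pattern shown in the proof of concept, as an added example that is not part of the original advisory: it scans Apache-style access-log lines for shell metacharacters in the affected visApi.php parameters. The log lines, the metacharacter set and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Endpoint and parameter names come from the advisory.
ENDPOINT = "/components/graphexplorer/visApi.php"
AFFECTED_PARAMS = {"host", "service", "opt", "end", "start"}

# Shell metacharacters that have no place in a host name, service
# description, option keyword or timestamp (assumed set, tune as needed).
SHELL_META = re.compile(r"[`$;|&<>\\\r\n]")

# Request line of an Apache common/combined format log entry.
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return (param, decoded value) pairs that carry shell metacharacters."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not unquote(url.path).endswith(ENDPOINT):
        return []
    # parse_qsl percent-decodes each value, so %60 and a raw backtick both match.
    return [(name, value)
            for name, value in parse_qsl(url.query, keep_blank_values=True)
            if name in AFFECTED_PARAMS and SHELL_META.search(value)]

def scan(lines):
    """Yield (line number, hits) for every log line with at least one hit."""
    for number, line in enumerate(lines, start=1):
        hits = suspicious_params(line)
        if hits:
            yield number, hits

# Constructed access-log lines (addresses, user and timestamps are made up).
# Line 2 is the advisory's request, percent-encoded as a browser would send it.
SAMPLE_LOG = [
    '192.0.2.10 - nagiosadmin [30/Jan/2012:10:00:01 +0000] "GET /nagiosxi/includes/components/graphexplorer/visApi.php?type=stack&host=localhost&service=Swap_Usage&div=visContainer1566841654&opt=days HTTP/1.1" 200 512',
    '192.0.2.44 - nagiosadmin [30/Jan/2012:10:02:17 +0000] "GET /nagiosxi/includes/components/graphexplorer/visApi.php?type=stack&host=localhost%60cat%20/etc/passwd%20%3E%20/tmp/passwd.txt%60&service=Swap_Usage&div=visContainer1566841654&opt=days HTTP/1.1" 200 0',
    '192.0.2.10 - nagiosadmin [30/Jan/2012:10:03:40 +0000] "GET /nagiosxi/index.php?host=localhost HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```

Access logs record only the request line, so this check does not see parameter values sent in a POST body.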
