10 matches found
Nagios XI 5.7.5 Remote Code Execution Exploit
This Metasploit module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 a...
Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection
This module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 as the apach...
Nagios XI 5.7.5 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection', 'Description' = %q This module exploits CVE-2021-25296,...
VulnCheck KEV: CVE-2021-25296
Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server...
Nagios XI Remote Code Execution (CVE-2021-25296; CVE-2021-25297; CVE-2021-25298; CVE-2021-25299)
A remote code execution vulnerability exists in Nagios XI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2021-25296
creationtimestamp| type| source ---|---|--- 2021-02-15 16:46:41+00:00| seen| https://t.me/cibsecurity/23591 2021-04-27 13:43:41+00:00| seen| MISP/5aa0b3ce-e9c4-4a1d-b95b-4e232c7929fc 2023-02-07 21:54:12+00:00| seen|...
CVE-2021-25296
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS...
CVE-2021-25296
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS...
CVE-2021-25296
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS...
CVE-2021-25296
CVE-2021-25296 (Nagios XI 5.7.5) is an OS command injection in authenticated context via WindowsWMI wizard (windowswmi.inc.php); CVE-2021-25297 via Switch wizard (switch.inc.php); CVE-2021-25298 via Cloud‑VM wizard (cloud-vm.inc.php). All involve improper sanitization of authenticated user input ...