Lucene search
K

10 matches found

0day.today
0day.today
added 2023/02/13 12:0 a.m.436 views

Nagios XI 5.7.5 Remote Code Execution Exploit

This Metasploit module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 a...

8.8CVSS9.3AI score0.74979EPSS
Exploits9
Metasploit
Metasploit
added 2023/02/08 7:51 p.m.574 views

Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection

This module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 as the apach...

9CVSS8.3AI score0.71536EPSS
Exploits8
Packet Storm
Packet Storm
added 2023/02/08 12:0 a.m.511 views

Nagios XI 5.7.5 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection', 'Description' = %q This module exploits CVE-2021-25296,...

9CVSS0.74979EPSS
Exploits9
VulnCheck KEV
VulnCheck KEV
added 2021/06/01 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-25296

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server...

9CVSS7.3AI score0.71536EPSS
Exploits7References1
Check Point Advisories
Check Point Advisories
added 2021/02/18 12:0 a.m.59 views

Nagios XI Remote Code Execution (CVE-2021-25296; CVE-2021-25297; CVE-2021-25298; CVE-2021-25299)

A remote code execution vulnerability exists in Nagios XI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9CVSS5.7AI score0.97714EPSS
Exploits10
Circl
Circl
added 2021/02/15 4:46 p.m.10 views

CVE-2021-25296

creationtimestamp| type| source ---|---|--- 2021-02-15 16:46:41+00:00| seen| https://t.me/cibsecurity/23591 2021-04-27 13:43:41+00:00| seen| MISP/5aa0b3ce-e9c4-4a1d-b95b-4e232c7929fc 2023-02-07 21:54:12+00:00| seen|...

9CVSS7.3AI score0.71536EPSS
Exploits7References8
OSV
OSV
added 2021/02/15 1:15 p.m.4 views

CVE-2021-25296

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS...

8.8CVSS7.3AI score0.71536EPSS
Exploits7References7
NVD
NVD
added 2021/02/15 1:15 p.m.24 views

CVE-2021-25296

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS...

9CVSS0.71536EPSS
Exploits7References6
Vulnrichment
Vulnrichment
added 2021/02/15 12:0 a.m.12 views

CVE-2021-25296

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS...

9AI score0.71536EPSS
Exploits7References5
CVE
CVE
added 2021/02/15 12:0 a.m.1090 views

CVE-2021-25296

CVE-2021-25296 (Nagios XI 5.7.5) is an OS command injection in authenticated context via WindowsWMI wizard (windowswmi.inc.php); CVE-2021-25297 via Switch wizard (switch.inc.php); CVE-2021-25298 via Cloud‑VM wizard (cloud-vm.inc.php). All involve improper sanitization of authenticated user input ...

9CVSS8.8AI score0.71536EPSS
In wildExploits7References6Affected Software1
Rows per page
Query Builder