Lucene search
K

10 matches found

zdt
zdt
added 2023/02/13 12:0 a.m.436 views

Nagios XI 5.7.5 Remote Code Execution Exploit

This Metasploit module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 a...

8.8CVSS9.3AI score0.74979EPSS
Exploits9
metasploit
metasploit
added 2023/02/08 7:51 p.m.574 views

Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection

This module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 as the apach...

9CVSS8.3AI score0.71536EPSS
Exploits8
packetstorm
packetstorm
added 2023/02/08 12:0 a.m.511 views

Nagios XI 5.7.5 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection', 'Description' = %q This module exploits CVE-2021-25296,...

9CVSS0.74979EPSS
Exploits9
vulncheck_kev
vulncheck_kev
added 2021/06/01 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-25296

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server...

9CVSS7.3AI score0.71536EPSS
Exploits7References1
checkpoint_advisories
checkpoint_advisories
added 2021/02/18 12:0 a.m.59 views

Nagios XI Remote Code Execution (CVE-2021-25296; CVE-2021-25297; CVE-2021-25298; CVE-2021-25299)

A remote code execution vulnerability exists in Nagios XI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9CVSS5.7AI score0.97714EPSS
Exploits10
circl
circl
added 2021/02/15 4:46 p.m.10 views

CVE-2021-25296

creationtimestamp| type| source ---|---|--- 2021-02-15 16:46:41+00:00| seen| https://t.me/cibsecurity/23591 2021-04-27 13:43:41+00:00| seen| MISP/5aa0b3ce-e9c4-4a1d-b95b-4e232c7929fc 2023-02-07 21:54:12+00:00| seen|...

9CVSS7.3AI score0.71536EPSS
Exploits7References8
osv
osv
added 2021/02/15 1:15 p.m.4 views

CVE-2021-25296

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS...

8.8CVSS7.3AI score0.71536EPSS
Exploits7References7
nvd
nvd
added 2021/02/15 1:15 p.m.24 views

CVE-2021-25296

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS...

9CVSS0.71536EPSS
Exploits7References6
vulnrichment
vulnrichment
added 2021/02/15 12:0 a.m.12 views

CVE-2021-25296

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS...

9AI score0.71536EPSS
Exploits7References5
cve
cve
added 2021/02/15 12:0 a.m.1090 views

CVE-2021-25296

CVE-2021-25296 (Nagios XI 5.7.5) is an OS command injection in authenticated context via WindowsWMI wizard (windowswmi.inc.php); CVE-2021-25297 via Switch wizard (switch.inc.php); CVE-2021-25298 via Cloud‑VM wizard (cloud-vm.inc.php). All involve improper sanitization of authenticated user input ...

9CVSS8.8AI score0.71536EPSS
In wildExploits7References6Affected Software1
Rows per page
Query Builder