Nagios XI 5.5.10 XSS / Remote Code Execution Vulnerability

2019-04-1500:00:00

Abdel Adim Oisfi

0day.today

0.123 Low

EPSS

Percentile

95.4%

JSON

Various vulnerabilities have been found in Nagios XI version 5.5.10, which allow a remote attacker able to trick an authenticated victim (with “autodiscovery job” creation privileges) to visit a malicious URL to obtain a remote root shell via a reflected cross site scripting, an authenticated remote code Execution and a local privilege escalation.

Nagios XI 5.5.10: XSS to #

Pubblicato dapolict 10 Aprile 2019  

Tl;dr

A remote attacker could trick an authenticated victim (with “autodiscovery job” creation privileges) to visit a malicious URL and obtain a remote root shell via a reflected Cross-Site Scripting (XSS), an authenticated Remote Code Execution (RCE) and a Local Privilege Escalation (LPE).



Introduction

A few months ago I read about some Nagios XI vulnerabilities which got me interested in studying it a bit by myself. For those of you who don’t know what Nagios XI is I suggest you have a look at their website.

Fortunately, around that same time the team I am part of in Shielder chose to start spending one week each month to research or 0day discovery projects. These vulnerabilities are part of the ones I have found during that week, you can read about all of them at the security disclosures page. My target was to find an unauthenticated remote code execution with zero interaction needed, which I couldn’t find in that time span, maybe I’ll have a second look sometime in the future

#  0day.today [2019-04-17]  #

0.123 Low

EPSS

Percentile

95.4%

JSON

Related for 1337DAY-ID-32534