Security News > 2021 > May > Details Disclosed On Critical Flaws Affecting Nagios IT Monitoring Software
Cybersecurity researchers disclosed details about 13 vulnerabilities in the Nagios network monitoring application that could be abused by an adversary to hijack the infrastructure without any operator intervention.
Put differently, the attack scenario works by targeting a Nagios XI server at the customer site, using CVE-2020-28648 and CVE-2020-28910 to gain RCE and elevate privileges to "root." With the server now effectively compromised, the adversary can then send tainted data to the upstream Nagios Fusion server, which provides centralized infrastructure-wide visibility by periodically polling the Nagios XI servers.
The researchers have also published a PHP-based post-exploitation tool called SoyGun that chains the vulnerabilities together and "allows an attacker with Nagios XI user's credentials and HTTP access to the Nagios XI server to take full control of a Nagios Fusion deployment."
CVE-2020-28901 - Nagios Fusion privilege escalation from apache to nagios via command injection on component dir parameter in cmd subsys.
CVE-2020-28902 - Nagios Fusion privilege escalation from apache to nagios via command injection on timezone parameter in cmd subsys.
CVE-2020-28908 - Nagios Fusion privilege escalation from apache to nagios via command injection in cmd subsys.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-24 | CVE-2020-28910 | Incorrect Permission Assignment for Critical Resource vulnerability in Nagios XI: Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh. | 9.8 |
2021-05-24 | CVE-2020-28908 | Command Injection vulnerability in Nagios Fusion: Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios. | 9.8 |
2021-05-24 | CVE-2020-28902 | Command Injection vulnerability in Nagios Fusion: Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php. | 9.8 |
2021-05-24 | CVE-2020-28901 | Command Injection vulnerability in Nagios Fusion: Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php. | 9.8 |
2020-11-16 | CVE-2020-28648 | Improper Input Validation vulnerability in Nagios XI: Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code. | 8.8 |