CVE-2018-15708 - Unspecified vulnerability in Nagios XI 5.5.6
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
file | exploits/linux/webapps/46221.py |
id | EDB-ID:46221 |
last seen | 2019-01-23 |
modified | 2019-01-23 |
platform | linux |
port | |
published | 2019-01-23 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/46221 |
title | Nagios XI 5.5.6 - Remote Code Execution / Privilege Escalation |
type | webapps |

id | EDB-ID:47039 |
last seen | 2019-06-26 |
modified | 2019-06-26 |
published | 2019-06-26 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/47039 |
title | Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit) |
Metasploit
description | This module exploits two vulnerabilities in Nagios XI 5.5.6: CVE-2018-15708 which allows for unauthenticated remote code execution and CVE-2018-15710 which allows for local privilege escalation. When combined, these two vulnerabilities give us a root reverse shell. |
id | MSF:EXPLOIT/LINUX/HTTP/NAGIOS_XI_MAGPIE_DEBUG |
last seen | 2020-06-12 |
modified | 2020-05-18 |
published | 2019-06-25 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/nagios_xi_magpie_debug.rb |
title | Nagios XI Magpie_debug.php Root Remote Code Execution |
Packetstorm
data source | https://packetstormsecurity.com/files/download/151296/nagiosxi556-execescalate.txt |
id | PACKETSTORM:151296 |
last seen | 2019-01-29 |
published | 2019-01-23 |
reporter | Chris Lyne |
source | https://packetstormsecurity.com/files/151296/Nagios-XI-5.5.6-Remote-Code-Execution-Privilege-Escalation.html |
title | Nagios XI 5.5.6 Remote Code Execution / Privilege Escalation |

data source | https://packetstormsecurity.com/files/download/153433/nagios_xi_magpie_debug.rb.txt |
id | PACKETSTORM:153433 |
last seen | 2019-06-26 |
published | 2019-06-25 |
reporter | Chris Lyne |
source | https://packetstormsecurity.com/files/153433/Nagios-XI-Magpie_debug.php-Root-Remote-Code-Execution.html |
title | Nagios XI Magpie_debug.php Root Remote Code Execution |
References
- http://packetstormsecurity.com/files/153433/Nagios-XI-Magpie_debug.php-Root-Remote-Code-Execution.html
- https://www.exploit-db.com/exploits/46221/
- https://www.tenable.com/security/research/tra-2018-37