Vulnerabilities > CVE-2018-15708 - Unspecified vulnerability in Nagios XI 5.5.6

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
nagios
critical
exploit available
metasploit
NVD
Published: 2018-11-14
Updated: 2019-10-03

Summary

Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.

Vulnerable Configurations

Part Description Count
Application
Nagios
1

Exploit-Db

  • fileexploits/linux/webapps/46221.py
    idEDB-ID:46221
    last seen2019-01-23
    modified2019-01-23
    platformlinux
    port
    published2019-01-23
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/46221
    titleNagios XI 5.5.6 - Remote Code Execution / Privilege Escalation
    typewebapps
  • idEDB-ID:47039
    last seen2019-06-26
    modified2019-06-26
    published2019-06-26
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/47039
    titleNagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)

Metasploit

descriptionThis module exploits two vulnerabilities in Nagios XI 5.5.6: CVE-2018-15708 which allows for unauthenticated remote code execution and CVE 2018-15710 which allows for local privilege escalation. When combined, these two vulnerabilities give us a root reverse shell.
idMSF:EXPLOIT/LINUX/HTTP/NAGIOS_XI_MAGPIE_DEBUG
last seen2020-06-12
modified2020-05-18
published2019-06-25
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/nagios_xi_magpie_debug.rb
titleNagios XI Magpie_debug.php Root Remote Code Execution

Packetstorm

References