Description

A critical vulnerability exists in the MagpieRSS library that is distributed with Nagios XI. This library contains a custom version of the Snoopy component which allows a remote, unauthenticated attacker to inject arbitrary arguments into a "curl" command. By requesting magpie_debug.php with a crafted value specified in the HTTP GET 'url' parameter, the vulnerable component can be exploited to write arbitrary data to a location on disk that is writable by the 'apache' user.

Remediation

Upgrade to the latest version of Nagios XI (this vulnerability was fixed in Nagios XI version 5.5.7).

References

[R2] Nagios XI Multiple Vulnerabilities

Nagios XI Change Log

Related Vulnerabilities

Drupal Core 8.9.0 Remote Code Execution (8.9.0)

SAP NetWeaver ConfigServlet remote command execution

WordPress Plugin Ajax Search Lite Remote Command Execution (3.1)

PHPUnit Remote Code Execution

ThinkPHP v5.0.22/5.1.29 Remote Code Execution Vulnerability

Severity

High

Classification

CVE-2018-15708 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution