Nagios XI 5.5.10 XSS / Remote Code Execution - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1570413 漏洞类型
发布时间 2019-04-15 更新时间 2019-04-15
CVE编号 CVE-2019-9164
CVE-2019-9165
CVE-2019-9166
CVE-2019-9167
CVE-2019-9202
CVE-2019-9203
CVE-2019-9204
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019040131
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Nagios XI 5.5.10: XSS to #

Pubblicato dapolict 10 Aprile 2019  

Tl;dr

A remote attacker could trick an authenticated victim (with “autodiscovery job” creation privileges) to visit a malicious URL and obtain a remote root shell via a reflected Cross-Site Scripting (XSS), an authenticated Remote Code Execution (RCE) and a Local Privilege Escalation (LPE).



Introduction

A few months ago I read about some Nagios XI vulnerabilities which got me interested in studying it a bit by myself. For those of you who don’t know what Nagios XI is I suggest you have a look at their website.

Fortunately, around that same time the team I am part of in Shielder chose to start spending one week each month to research or 0day discovery projects. These vulnerabilities are part of the ones I have found during that week, you can read about all of them at the security disclosures page. My target was to find an unauthenticated remote code execution with zero interaction needed, which I couldn’t find in that time span, maybe I’ll have a second look sometime in the future