CVE-2019-15949
In short
Nagios XI before version 5.6.6 allows attackers with admin or nagios user access to execute arbitrary commands as root by modifying a plugin file that gets run with elevated privileges. This can lead to complete system compromise.
Technical detail
CWE-78 (OS Command Injection) via unsafe sudo execution in the getprofile.sh script. An authenticated user with plugin modification permissions, or the nagios system user, can alter the check_plugin executable to inject malicious commands. These execute as root through a passwordless sudo entry when a system profile is downloaded via profile.php?cmd=download.
Summary generated and translated by AI from the official description.
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root.
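A defender-side check for the condition described above, as an added example that is not part of the original advisory or of Nagios XI: it reports whether a file executed by a root-run script, or any directory above it, is owned or writable by a non-root account. The function name, the `plugins` directory and the temporary layout are assumptions constructed for illustration; on a real host, pass the actual path of the file that the sudo-enabled script executes.

```python
import os
import stat
import tempfile


def audit_exec_target(path, trusted_uids=frozenset({0}), stop_at="/"):
    """Audit a file that a root-run script executes, plus its parent dirs.

    Returns (path, reason) findings for anything a non-trusted account
    could modify or replace before root executes it.
    """
    findings = []
    current = os.path.realpath(path)
    stop_at = os.path.realpath(stop_at)
    while True:
        st = os.stat(current)
        is_dir = stat.S_ISDIR(st.st_mode)
        if st.st_uid not in trusted_uids:
            findings.append((current, f"owned by untrusted uid {st.st_uid}"))
        writable = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        # A sticky directory (like /tmp) does not let others replace entries.
        if writable and not (is_dir and st.st_mode & stat.S_ISVTX):
            mode = stat.S_IMODE(st.st_mode)
            findings.append((current, f"group/other-writable, mode {mode:o}"))
        parent = os.path.dirname(current)
        if current == stop_at or parent == current:
            return findings
        current = parent


def demo():
    """Constructed layout: the current user stands in for the nagios account."""
    base = tempfile.mkdtemp()
    plugin_dir = os.path.join(base, "plugins")         # hypothetical directory
    os.mkdir(plugin_dir, 0o755)
    target = os.path.join(plugin_dir, "check_plugin")  # name from the advisory
    with open(target, "w") as fh:
        fh.write("#!/bin/sh\n")
    os.chmod(target, 0o755)
    # Trust nobody, so the file's owner is reported the way nagios would be.
    return audit_exec_target(target, trusted_uids=frozenset(), stop_at=base)


if __name__ == "__main__":
    for where, why in demo():
        print(f"{where}: {why}")
```

An empty result for every file a passwordless sudo entry ends up executing means only root can change what runs as root.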
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found — 5
github · github.com/plur1bu5/Nagios-CVE-2019-15949-RCE · ★ 0
cve_reference · packetstormsecurity.com/files/156676/Nagios-XI-Authenticated-Remote-Command-Execution.html · unverified
cve_reference · packetstormsecurity.com/files/162158/Nagios-XI-getprofile.sh-Remote-Command-Execution.html · unverified
exploitdb · www.exploit-db.com/exploits/48191 · unverified
exploitdb · www.exploit-db.com/exploits/52138 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/156676/Nagios-XI-Authenticated-Remote-Command-Execution.html
http://packetstormsecurity.com/files/162158/Nagios-XI-getprofile.sh-Remote-Command-Execution.html
https://github.com/jakgibb/nagiosxi-root-rce-exploit
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-15949