CVE-2021-25296

CVSS 8.8 HIGH · EPSS 72.4% · KEV
In short

Nagios XI version 5.7.5 allows authenticated users to inject operating system commands through unsanitized input in the Windows WMI configuration wizard, potentially taking over the server.

Technical detail

OS command injection vulnerability in /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php affecting Nagios XI 5.7.5. The attack requires authentication; an authenticated attacker can execute arbitrary OS commands via a single malformed HTTP request carrying unsanitized parameters to the Windows WMI configuration wizard, achieving remote code execution on the Nagios XI server.

Summary generated and translated by AI from the official description.
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
