CVE-2021-25297
CVE-2021-25297
In short
Nagios XI version 5.7.5 has a flaw that allows authenticated users to run dangerous commands on the server by sending specially crafted requests. An attacker with login access can take control of the entire system.
Technical detail
OS command injection vulnerability in /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to insufficient input sanitization of authenticated user input. An authenticated attacker can inject arbitrary OS commands through a single HTTP request, achieving remote code execution with server privileges.
Summary generated and translated by AI from the official description.
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://nagios.comhttp://packetstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.htmlhttps://assets.nagios.com/downloads/nagiosxi/versions.phphttps://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.mdhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25297https://www.fastly.com/blog/anatomy-of-a-command-injection-cve-2021-25296-7-8-with-metasploit-module-and