Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.
Recent assessments:
space-r7 at June 28, 2019 3:23pm UTC reported:
If this vulnerability is found in the wild, then it’s likely that the target is vulnerable to CVE-2018-15710 as well. An attacker can get unauthenticated root access to a target given that it is vulnerable to both vulnerabilities, which means it is incredibly important to get this patched. A module now exists for this vulnerability, which further eases the process of exploitation.
Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 4