Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2024 Tenable Network Security, Inc.NAGIOSXI_5_8_5.NASL
HistorySep 24, 2021 - 12:00 a.m.

Nagios XI < 5.8.5 Multiple Vulnerabilities

2021-09-2400:00:00
This script is Copyright (C) 2021-2024 Tenable Network Security, Inc.
www.tenable.com
130
nagios xi
vulnerabilities
remote code execution
privilege escalation
sql injection
security context
input sanitisation

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.514

Percentile

97.6%

JSON

According to the self-reported version of Nagios XI, the remote host is affected by multiple vulnerabilities, including the following:

  • A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios. (CVE-2021-37343)

  • Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions. (CVE-2021-37345)

  • Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation. (CVE-2021-37350)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(153612);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/05");

  script_cve_id(
    "CVE-2021-33177",
    "CVE-2021-33179",
    "CVE-2021-36363",
    "CVE-2021-36364",
    "CVE-2021-36365",
    "CVE-2021-36366",
    "CVE-2021-37343",
    "CVE-2021-37345",
    "CVE-2021-37347",
    "CVE-2021-37348",
    "CVE-2021-37349",
    "CVE-2021-37350",
    "CVE-2021-37351",
    "CVE-2021-37352"
  );
  script_xref(name:"IAVB", value:"2021-B-0053-S");

  script_name(english:"Nagios XI < 5.8.5 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has a web application affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to the self-reported version of Nagios XI, the remote host is affected by multiple vulnerabilities, including
the following:

  - A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post 
    authenticated RCE under security context of the user running Nagios. (CVE-2021-37343)

  - Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from 
    the var directory for some scripts with elevated permissions. (CVE-2021-37345)

  - Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper 
    input sanitisation. (CVE-2021-37350)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.nagios.com/downloads/nagios-xi/change-log/");
  script_set_attribute(attribute:"see_also", value:"https://www.nagios.com/products/security/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Nagios XI 5.8.5 or later.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-37350");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Nagios XI Autodiscovery Webshell Upload');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/07/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/09/24");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:nagios:nagios_xi");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2021-2024 Tenable Network Security, Inc.");

  script_dependencies("nagios_enterprise_detect.nasl", "nagiosxi_nix_installed.nbin");
  script_require_ports("installed_sw/nagios_xi", "installed_sw/Nagios XI");

  exit(0);
}

include('vcf_extras.inc');

var app_info = vcf::nagiosxi::get_app_info();

var constraints = [
    {'fixed_version': '5.8.5'}
];

vcf::nagiosxi::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, default_fix:'5.8.5');

References

Related

thn 2
prion 14
cnvd 9
nvd 14
cve 14
cvelist 14
packetstorm 1
metasploit 2
zdt 1
rapid7blog 1
threatpost 1
thn
thn
New Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures
2021-09-22 10:38:00
Researchers Find Bugs in Over A Dozen Widely Used URL Parser Libraries
2022-01-10 14:35:00
prion
prion
Cross site scripting
2021-10-14 15:15:00
Sql injection
2021-08-13 12:15:00
Sql injection
2021-10-14 15:15:00
cnvd
cnvd
Nagios XI SQL Injection Vulnerability
2021-08-16 00:00:00
Nagios XI Cross-Site Scripting Vulnerability (CNVD-2021-90909)
2021-10-15 00:00:00
Nagios XI Open Redirect Vulnerability
2021-08-16 00:00:00
nvd
nvd
CVE-2021-33179
2021-10-14 15:15:09
CVE-2021-37348
2021-08-13 12:15:07
CVE-2021-37345
2021-08-13 12:15:07
cve
cve
CVE-2021-37348
2021-08-13 12:15:07
CVE-2021-37352
2021-08-13 12:15:07
CVE-2021-33179
2021-10-14 15:15:09
cvelist
cvelist
CVE-2021-33179
2021-10-14 14:57:17
CVE-2021-37349
2021-08-13 11:30:24
CVE-2021-37352
2021-08-13 11:29:41
packetstorm
packetstorm
Nagios XI Autodiscovery Shell Upload
2022-02-14 00:00:00
metasploit
metasploit
Nagios XI Autodiscovery Webshell Upload
2022-02-06 02:21:18
Nagios XI Scanner
2021-03-18 16:21:51
zdt
zdt
Nagios XI Autodiscovery Shell Upload Exploit
2022-02-14 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2022-02-18 21:24:12
threatpost
threatpost
URL Parsing-Library Bugs Allow DoS, RCE, Spoofing & More
2022-01-10 17:55:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.514

Percentile

97.6%

JSON
Related for NAGIOSXI_5_8_5.NASL
thn2prion14cnvd9nvd14cve14cvelist14packetstorm1metasploit2zdt1rapid7blog1threatpost1