Various vulnerabilities have been found in Nagios XI version 5.5.10, which allow a remote attacker able to trick an authenticated victim (with โautodiscovery jobโ creation privileges) to visit a malicious URL to obtain a remote root shell via a reflected cross site scripting, an authenticated remote code Execution and a local privilege escalation.
Nagios XI 5.5.10: XSS to #
Pubblicato dapolict 10 Aprile 2019
Tl;dr
A remote attacker could trick an authenticated victim (with โautodiscovery jobโ creation privileges) to visit a malicious URL and obtain a remote root shell via a reflected Cross-Site Scripting (XSS), an authenticated Remote Code Execution (RCE) and a Local Privilege Escalation (LPE).
Introduction
A few months ago I read about some Nagios XI vulnerabilities which got me interested in studying it a bit by myself. For those of you who donโt know what Nagios XI is I suggest you have a look at their website.
Fortunately, around that same time the team I am part of in Shielder chose to start spending one week each month to research or 0day discovery projects. These vulnerabilities are part of the ones I have found during that week, you can read about all of them at the security disclosures page. My target was to find an unauthenticated remote code execution with zero interaction needed, which I couldnโt find in that time span, maybe Iโll have a second look sometime in the future
# 0day.today [2019-04-17] #