Description
A critical vulnerability exists in the MagpieRSS library that is distributed with Nagios XI. This library contains a custom version of the Snoopy component which allows a remote, unauthenticated attacker to inject arbitrary arguments into a "curl" command. By requesting magpie_debug.php with a crafted value specified in the HTTP GET 'url' parameter, the vulnerable component can be exploited to write arbitrary data to a location on disk that is writable by the 'apache' user.
Remediation
Upgrade to the latest version of Nagios XI (this vulnerability was fixed in Nagios XI version 5.5.7).
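To review web server logs for requests matching the description above, the following added example (not part of the original advisory or of Nagios XI) flags requests to magpie_debug.php and marks those whose 'url' value is not a single plain http(s) URL. The log format, the path prefix, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache common log format (not real traffic).
# The path prefix is a placeholder; only the script name comes from the advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2019:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 1024
198.51.100.7 - - [01/Jan/2019:10:00:01 +0000] "GET /constructed/path/magpie_debug.php?url=https%3A%2F%2Fexample.org%2Ffeed.xml HTTP/1.1" 200 512
203.0.113.9 - - [01/Jan/2019:10:00:02 +0000] "GET /constructed/path/magpie_debug.php?url=https%3A%2F%2Fexample.org%2Ffeed.xml%20--constructed-option HTTP/1.1" 200 87
"""

REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A value that is one http(s) URL with no whitespace or shell metacharacters.
PLAIN_URL = re.compile(r"https?://[^\s'\"`;|&$<>\\]+", re.IGNORECASE)


def classify(line):
    """Return None, 'debug-script-access' or 'argument-injection-suspect'."""
    m = REQUEST.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.lower().endswith("/magpie_debug.php"):
        return None
    # parse_qs percent-decodes values and turns '+' into a space.
    for value in parse_qs(parts.query, keep_blank_values=True).get("url", []):
        if not PLAIN_URL.fullmatch(value):
            return "argument-injection-suspect"
    return "debug-script-access"


def scan(log_text):
    """Return (line number, client address, verdict) for each flagged line."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), 1):
        verdict = classify(line)
        if verdict:
            findings.append((number, line.split(" ", 1)[0], verdict))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because the flaw is reachable without authentication, every logged hit on magpie_debug.php on a system older than 5.5.7 merits review, not only the lines marked as suspect.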