CyberSec.Space Logo
Back to CVE Browser

CVE-2018-15708

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1400%
EPSS Percentile16.43th
PublishedNov 14, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.

Affected Platforms (CPE)

πŸ“¦
Nagios

Nagios Xi

= 5.5.6

References & Advisories

πŸ”— http://packetstormsecurity.com/files/153433/Nagios-XI-Magpie_debug.php-Root-Remote-Code-Execution.html
πŸ”— https://www.exploit-db.com/exploits/46221/
πŸ”— https://www.tenable.com/security/research/tra-2018-37
πŸ”— http://packetstormsecurity.com/files/153433/Nagios-XI-Magpie_debug.php-Root-Remote-Code-Execution.html
πŸ”— https://www.exploit-db.com/exploits/46221/
πŸ”— https://www.tenable.com/security/research/tra-2018-37

Related Vulnerabilities

CVE-2002-195910.0

Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output.

CVE-2019-92039.8

Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API.

CVE-2018-171489.8

An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snaps...

CVE-2019-91659.8

SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using f...