cve-2019-15949
Vulnerability from cvelistv5
Published
2019-09-05 16:50
Modified
2024-08-05 01:03
Severity ?
EPSS score ?
Summary
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/156676/Nagios-XI-Authenticated-Remote-Command-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://packetstormsecurity.com/files/162158/Nagios-XI-getprofile.sh-Remote-Command-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://github.com/jakgibb/nagiosxi-root-rce-exploit | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/156676/Nagios-XI-Authenticated-Remote-Command-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162158/Nagios-XI-getprofile.sh-Remote-Command-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jakgibb/nagiosxi-root-rce-exploit | Exploit, Third Party Advisory |
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog
Date added: 2021-11-03
Due date: 2022-05-03
Required action: Apply updates per vendor instructions.
Used in ransomware: Unknown
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-15949
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:03:32.416Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/jakgibb/nagiosxi-root-rce-exploit" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/156676/Nagios-XI-Authenticated-Remote-Command-Execution.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/162158/Nagios-XI-getprofile.sh-Remote-Command-Execution.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-14T17:06:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/jakgibb/nagiosxi-root-rce-exploit" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/156676/Nagios-XI-Authenticated-Remote-Command-Execution.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/162158/Nagios-XI-getprofile.sh-Remote-Command-Execution.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15949", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/jakgibb/nagiosxi-root-rce-exploit", "refsource": "MISC", "url": "https://github.com/jakgibb/nagiosxi-root-rce-exploit" }, { "name": "http://packetstormsecurity.com/files/156676/Nagios-XI-Authenticated-Remote-Command-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156676/Nagios-XI-Authenticated-Remote-Command-Execution.html" }, { "name": "http://packetstormsecurity.com/files/162158/Nagios-XI-getprofile.sh-Remote-Command-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162158/Nagios-XI-getprofile.sh-Remote-Command-Execution.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15949", "datePublished": "2019-09-05T16:50:38", "dateReserved": "2019-09-05T00:00:00", "dateUpdated": "2024-08-05T01:03:32.416Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "cisa_known_exploited": { "cveID": "CVE-2019-15949", "cwes": "[\"CWE-78\"]", "dateAdded": "2021-11-03", "dueDate": "2022-05-03", "knownRansomwareCampaignUse": "Unknown", "notes": "https://nvd.nist.gov/vuln/detail/CVE-2019-15949", "product": "Nagios XI", "requiredAction": "Apply updates per vendor instructions.", "shortDescription": "Nagios XI contains a remote code execution vulnerability in which a user can modify the check_plugin executable and insert malicious commands to execute as root.", "vendorProject": "Nagios", "vulnerabilityName": "Nagios XI Remote Code Execution Vulnerability" }, "nvd": "{\"cve\":{\"id\":\"CVE-2019-15949\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-09-05T17:15:12.327\",\"lastModified\":\"2024-11-21T04:29:48.227\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root.\"},{\"lang\":\"es\",\"value\":\"Nagios XI en versiones anteriores a la 5.6.6 permite la ejecuci\u00f3n remota de comandos como root. La explotaci\u00f3n requiere acceso al servidor como usuario nagios, o acceso como usuario administrador a trav\u00e9s de la interfaz web. El script getprofile.sh, invocado al descargar un perfil del sistema (profile.php?cmd=download), se ejecuta como root mediante una entrada de sudo sin contrase\u00f1a; el script ejecuta check_plugin, propiedad del usuario nagios. Un usuario que inici\u00f3 sesi\u00f3n en Nagios XI con permisos para modificar complementos, o el usuario de nagios en el servidor, puede modificar el ejecutable check_plugin e insertar comandos maliciosos para ejecutar como root.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2022-05-03\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Nagios XI Remote Code Execution Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.6.6\",\"matchCriteriaId\":\"793ADD2B-8A1D-4B63-91E1-101B7D500AEB\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/156676/Nagios-XI-Authenticated-Remote-Command-Execution.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/162158/Nagios-XI-getprofile.sh-Remote-Command-Execution.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/jakgibb/nagiosxi-root-rce-exploit\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/156676/Nagios-XI-Authenticated-Remote-Command-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/162158/Nagios-XI-getprofile.sh-Remote-Command-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/jakgibb/nagiosxi-root-rce-exploit\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.