Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/152496/Nagios-XI-5.5.10-XSS-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2019/Apr/19 | Exploit Mailing List Third Party Advisory |
https://www.nagios.com/downloads/nagios-xi/change-log/ | Release Notes Vendor Advisory |
https://www.nagios.com/products/security/ | Vendor Advisory |
Configurations
History
06 Oct 2022, 17:57
Type | Values Removed | Values Added |
---|---|---|
References | (FULLDISC) http://seclists.org/fulldisclosure/2019/Apr/19 - Exploit, Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/152496/Nagios-XI-5.5.10-XSS-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2019-03-28 17:29
Updated : 2023-12-10 12:59
NVD link : CVE-2019-9164
Mitre link : CVE-2019-9164
CVE.ORG link : CVE-2019-9164
JSON object : View
Products Affected
nagios
- nagios_xi
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')