Attacker Value
Very High
(1 user assessed)
Exploitability
High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

Nagios XI RCE via Snoopy Library

Disclosure Date: November 14, 2018 Last updated February 13, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.

Add Assessment

1
Ratings
  • Attacker Value
    Very High
  • Exploitability
    High
Technical Analysis

If this vulnerability is found in the wild, then it’s likely that the target is vulnerable to CVE-2018-15710 as well. An attacker can get unauthenticated root access to a target given that it is vulnerable to both vulnerabilities, which means it is incredibly important to get this patched. A module now exists for this vulnerability, which further eases the process of exploitation.

Log in to Add Reply

General Information

Offensive Application
exploit
Utility Class
rce
Ports
Unknown
OS
Unknown
Vulnerable Versions
5.5.6
Prerequisites
Unknown
Discovered By
Chris Lyne
PoC Author
Unknown
Metasploit Module
Guillaume André
Reporter
Shelby Pace

Additional Info

Authenticated
Never
Exploitable
Always
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Very High
Technical Analysis