Attacker Value
Very High
(1 user assessed)
Exploitability
High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

Nagios XI RCE via Snoopy Library

Disclosure Date: November 14, 2018 Last updated February 13, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.

Add Assessment

1
Ratings
  • Attacker Value
    Very High
  • Exploitability
    High
Technical Analysis

If this vulnerability is found in the wild, then it’s likely that the target is vulnerable to CVE-2018-15710 as well. An attacker can get unauthenticated root access to a target given that it is vulnerable to both vulnerabilities, which means it is incredibly important to get this patched. A module now exists for this vulnerability, which further eases the process of exploitation.

General Information

Additional Info

Technical Analysis