Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2021-25298

Disclosure Date: February 15, 2021 •

CVE-2021-25298 CVSS v3 Base Score: 8.8

Exploited in the Wild

Reported by gwillcox-r7 and 1 more...
View Source Details

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Metasploit Module

exploit/linux/http/nagios_xi_configwizards_authenticated_rce

Description

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

8.8 High

Impact Score:

5.9

Exploitability Score:

2.8

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

nagios

Products

nagios xi 5.7.5

Metasploit Modules

exploit/linux/http/nagios_xi_configwizards_authenticated_rce (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nagios_xi_configwizards_authenticated_rce.rb)

Exploited in the Wild

Reported by:

gwillcox-r7 indicated source as Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

Reported: January 25, 2022 1:11am UTC (2 years ago)

AttackerKB Worker indicated source as Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2022/01/18/cisa-adds-13-known-exploited-vulnerabilities-catalog)

Reported: November 08, 2024 8:22am UTC (2 weeks ago)

References

Canonical

CVE-2021-25298 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25298)

Miscellaneous

http://nagios.com

https://assets.nagios.com/downloads/nagiosxi/versions.php

https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md

http://packetstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.html

http://packetstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.html

https://www.fastly.com/blog/anatomy-of-a-command-injection-cve-2021-25296-7-8-with-metasploit-module-and

Rapid7

Unknown

CVE-2021-25298

Unknown

Unknown

None

Low

Network

CVE-2021-25298

Description