5/9/2019
21/11/2024
CVE-2019-15949: Nagios XI Remote Code Execution Vulnerability
First published: Thu Sep 05 2019(Updated: )
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|
Nagios Nagios XI | <5.6.6 | |
| | |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-15949?
CVE-2019-15949 is a vulnerability in Nagios XI that allows remote code execution as root.
What is the severity of CVE-2019-15949?
The severity of CVE-2019-15949 is critical with a CVSS score of 8.8.
How does CVE-2019-15949 work?
CVE-2019-15949 can be exploited by accessing the server as the nagios user or as the admin user via the web interface to execute arbitrary commands as root.
Which versions of Nagios XI are affected by CVE-2019-15949?
Nagios XI versions up to and excluding 5.6.6 are affected by CVE-2019-15949.
How can CVE-2019-15949 be fixed?
To fix CVE-2019-15949, users should update to Nagios XI version 5.6.6 or higher.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/description
- agent/severity
- agent/weakness
- agent/title
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/author
- vendor/nagios
- canonical/nagios nagios xi
Contact
SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.coBy using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203