This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:NAGIOSXI-CND-INJ-JOB
|
Severity |
Major
|
Recommended |
Yes
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
Nagios XI Autodiscovery Job Command Injection
|
Release Date |
2019/06/11
|
Update Number |
3179
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Nagios XI Autodiscovery Job Command Injection
This signature detects attempts to exploit a known vulnerability against Autodiscovery Job component of Nagios XI. The vulnerability is due to insufficient validation of parameters submitted when creating a new autodiscovery job. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in the execution of arbitrary code as the apache user.
Extended Description
Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job.
Affected Products
- Nagios nagios_xi 5
- Nagios nagios_xi 5.2.0
- Nagios nagios_xi 5.2.1
- Nagios nagios_xi 5.2.2
- Nagios nagios_xi 5.2.3
- Nagios nagios_xi 5.2.4
- Nagios nagios_xi 5.2.5
- Nagios nagios_xi 5.2.6
- Nagios nagios_xi 5.2.7
- Nagios nagios_xi 5.2.8
- Nagios nagios_xi 5.2.9
- Nagios nagios_xi 5.3.0
- Nagios nagios_xi 5.3.1
- Nagios nagios_xi 5.3.2
- Nagios nagios_xi 5.3.3
- Nagios nagios_xi 5.3.4
- Nagios nagios_xi 5.4.0
- Nagios nagios_xi 5.4.1
- Nagios nagios_xi 5.4.10
- Nagios nagios_xi 5.4.11
- Nagios nagios_xi 5.4.12
- Nagios nagios_xi 5.4.13
- Nagios nagios_xi 5.4.2
- Nagios nagios_xi 5.4.3
- Nagios nagios_xi 5.4.4
- Nagios nagios_xi 5.4.5
- Nagios nagios_xi 5.4.6
- Nagios nagios_xi 5.4.7
- Nagios nagios_xi 5.4.8
- Nagios nagios_xi 5.4.9
- Nagios nagios_xi 5.5.0
- Nagios nagios_xi 5.5.1
- Nagios nagios_xi 5.5.10
- Nagios nagios_xi 5.5.2
- Nagios nagios_xi 5.5.3
- Nagios nagios_xi 5.5.4
- Nagios nagios_xi 5.5.5
- Nagios nagios_xi 5.5.6
- Nagios nagios_xi 5.5.7
- Nagios nagios_xi 5.5.8
- Nagios nagios_xi 5.5.9
References