Signature Detail

HTTP: Nagios XI Autodiscovery Job Command Injection

This signature detects attempts to exploit a known vulnerability against Autodiscovery Job component of Nagios XI. The vulnerability is due to insufficient validation of parameters submitted when creating a new autodiscovery job. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in the execution of arbitrary code as the apache user.

Extended Description

Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job.

Affected Products

• Nagios nagios_xi 5
• Nagios nagios_xi 5.2.0
• Nagios nagios_xi 5.2.1
• Nagios nagios_xi 5.2.2
• Nagios nagios_xi 5.2.3
• Nagios nagios_xi 5.2.4
• Nagios nagios_xi 5.2.5
• Nagios nagios_xi 5.2.6
• Nagios nagios_xi 5.2.7
• Nagios nagios_xi 5.2.8
• Nagios nagios_xi 5.2.9
• Nagios nagios_xi 5.3.0
• Nagios nagios_xi 5.3.1
• Nagios nagios_xi 5.3.2
• Nagios nagios_xi 5.3.3
• Nagios nagios_xi 5.3.4
• Nagios nagios_xi 5.4.0
• Nagios nagios_xi 5.4.1
• Nagios nagios_xi 5.4.10
• Nagios nagios_xi 5.4.11
• Nagios nagios_xi 5.4.12
• Nagios nagios_xi 5.4.13
• Nagios nagios_xi 5.4.2
• Nagios nagios_xi 5.4.3
• Nagios nagios_xi 5.4.4
• Nagios nagios_xi 5.4.5
• Nagios nagios_xi 5.4.6
• Nagios nagios_xi 5.4.7
• Nagios nagios_xi 5.4.8
• Nagios nagios_xi 5.4.9
• Nagios nagios_xi 5.5.0
• Nagios nagios_xi 5.5.1
• Nagios nagios_xi 5.5.10
• Nagios nagios_xi 5.5.2
• Nagios nagios_xi 5.5.3
• Nagios nagios_xi 5.5.4
• Nagios nagios_xi 5.5.5
• Nagios nagios_xi 5.5.6
• Nagios nagios_xi 5.5.7
• Nagios nagios_xi 5.5.8
• Nagios nagios_xi 5.5.9

References

• CVE: CVE-2019-9164