Nagios XI versions 5.5.6 to 5.7.5 - Command Injection Vulnerability CVE-2021-25297 Scanner
Nagios XI 5.5.6 to 5.7.5 is affected by a command injection vulnerability.
Short Info
Level: High
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Domain, IPv4
Parent Category
Nagios XI versions 5.5.6 to 5.7.5 - Command Injection Vulnerability CVE-2021-25297 Scanner Detail
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php, which improperly sanitizes user-controlled input. An authenticated user can exploit it with a single HTTP request, leading to OS command injection on the Nagios XI server.
- http://nagios.com
- http://packetstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.html
- https://assets.nagios.com/downloads/nagiosxi/versions.php
- https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md
- https://www.fastly.com/blog/anatomy-of-a-command-injection-cve-2021-25296-7-8-with-metasploit-module-and