Back to KEVs

CVE-2019-15949

Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the...

Basic Information

CVE State
PUBLISHED
Reserved Date
September 05, 2019
Published Date
September 05, 2019
Last Updated
February 04, 2025
Vendor
n/a
Product
n/a
Description
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root.

CVSS Scores

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2021-11-03 00:00:00 UTC) Source

References

https://github.com/jakgibb/nagiosxi-root-rce-exploit http://packetstormsecurity.com/files/156676/Nagios-XI-Authenticated-Remote-Command-Execution.html http://packetstormsecurity.com/files/162158/Nagios-XI-getprofile.sh-Remote-Command-Execution.html

Known Exploited Vulnerability Information

Source Added Date
CISA 2021-11-03 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nagios_xi_plugins_check_plugin_authenticated_rce.rb 2025-04-29 11:01:14 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

nagios_xi_plugins_check_plugin_authenticated_rce

Type: metasploit • Created: Unknown

Metasploit module for CVE-2019-15949