CVE-2019-15949 — HIGH (8.8)

Q: How severe is CVE-2019-15949?

CVE-2019-15949 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-15949?

Check the references section above for vendor advisories and patch information. Affected products include: Nagios Nagios Xi.

Vulnerability Description

Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Nagios	Nagios Xi	< 5.6.6

Related Weaknesses (CWE)

CWE-78

References

http://packetstormsecurity.com/files/156676/Nagios-XI-Authenticated-Remote-CommaExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/162158/Nagios-XI-getprofile.sh-Remote-CommaExploitThird Party AdvisoryVDB Entry
https://github.com/jakgibb/nagiosxi-root-rce-exploitExploitThird Party Advisory
http://packetstormsecurity.com/files/156676/Nagios-XI-Authenticated-Remote-CommaExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/162158/Nagios-XI-getprofile.sh-Remote-CommaExploitThird Party AdvisoryVDB Entry
https://github.com/jakgibb/nagiosxi-root-rce-exploitExploitThird Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-US Government Resource

FAQ

What is CVE-2019-15949?

CVE-2019-15949 is a vulnerability with a CVSS score of 8.8 (HIGH). Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh scrip...

How severe is CVE-2019-15949?

CVE-2019-15949 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-15949?

Check the references section above for vendor advisories and patch information. Affected products include: Nagios Nagios Xi.