CVE-2018-8735

Sažetak

Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection.

Reference

https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
https://blog.redactedsec.net/exploits/2018/04/26/nagios.html
https://gist.github.com/caleBot/f0a93b5a98574393e0139104eacc2d0f
https://www.exploit-db.com/exploits/44560/
https://www.exploit-db.com/exploits/44969/
https://www.nagios.com/downloads/nagios-xi/change-log/

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

04-03-2019 - 18:48

Objavljeno

18-04-2018 - 00:29