all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Nagios XI 5.7.5 Remote Code Execution

Add to bookmarks
Feb. 8, 2023, 4:27 p.m. |

Packet Storm packetstormsecurity.com

This Metasploit module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 as the apache user. Valid credentials for a Nagios XI user are required. This module has been successfully tested against official NagiosXI OVAs versions 5.5.6 through 5.7.5.

apache cloud code code execution command command injection configuration credentials cve exploits injection metasploit nagios official remote code remote code execution switch valid vulnerabilities

Visit resource

More from packetstormsecurity.com / Packet Storm

Wireshark Analyzer 4.2.5 2 days, 10 hours ago | packetstormsecurity.com
capture code commercial features +14
Packet Fence 13.2.0 2 days, 10 hours ago | packetstormsecurity.com
abnormal access access control a network +21
SIPPTS 4.0 2 days, 10 hours ago | packetstormsecurity.com
audit check devices protocol +13
Debian Security Advisory 5692-1 2 days, 11 hours ago | packetstormsecurity.com
advisory arbitrary code code debian +18
Debian Security Advisory 5691-1 2 days, 11 hours ago | packetstormsecurity.com
advisory arbitrary code browser clickjacking +16
Debian Security Advisory 5689-1 2 days, 11 hours ago | packetstormsecurity.com
advisory arbitrary code aware chromium +19
Debian Security Advisory 5690-1 2 days, 11 hours ago | packetstormsecurity.com
advisory click debian debian linux security +11
Ubuntu Security Notice USN-6766-2 2 days, 11 hours ago | packetstormsecurity.com
action attacker conditions denial of service +16
Red Hat Security Advisory 2024-2852-03 2 days, 11 hours ago | packetstormsecurity.com
advisory apache build developer +13

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

COMM Penetration Tester (PenTest-2), Chantilly, VA OS&CI Job #368

@ Allen Integrated Solutions | Chantilly, Virginia, United States
View on infosec-jobs.com

Consultant Sécurité SI H/F Gouvernance - Risques - Conformité

@ Hifield | Sèvres, France
View on infosec-jobs.com

Infrastructure Consultant

@ Telefonica Tech | Belfast, United Kingdom
View on infosec-jobs.com