Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2019-9167: Security Disclosures - Nagios

Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.

CVE
#sql#xss#csrf#vulnerability#web#ios#windows#apache#java#intel#php#rce#ldap#ssrf#log4j#auth#ssh#docker

Notice: Spring4Shell Vulnerability – Nagios does not use the Java Spring framework****Notice: Our response to CVE-2021-44228 and log4j in Nagios products****Reporting Security Vulnerabilities

At Nagios, we make security a priority. We strive to patch any security issues in a timely manner. We highly recommend using the latest versions available of our software. The latest versions will include security fixes that remediate the vulnerabilites shown below.

Please send security vulnerabilities found in any of the Nagios commercial products and security related emails to [email protected]. All non-security related bug reports should be given through a Support Ticket or through a post on the Support Forum.

Disclosed Vulnerabilites

Below is a listing of CVEs for patched security vulnurabilites that have been disclosed for Nagios products. Product version below does not mean that the security issue is only in that product version. Upgrade to the latest version to ensure all known vulnerabilities are patched. Scroll down to see all products.

Nagios XI 5.8

CVE

Vulnerability Summary

Remediation Summary

CVE-2022-29272

Certain crafted redirect URLs on the login page could be redirected to external URLs.

Upgrade to Nagios XI 5.8.9 or above

CVE-2022-29271

Read-only users are able to submit a specific command to the schedule downtime page that would schedule downtimes.

Upgrade to Nagios XI 5.8.9 or above

CVE-2022-29270

When changing a user’s email addresses, users are not required to confirm their password which could be used to reset a user’s password via email.

Upgrade to Nagios XI 5.8.9 or above

CVE-2022-29269

Users could send HTML via setting the scheduled reporting message to have HTML code in it.

Upgrade to Nagios XI 5.8.9 or above

CVE-2021-40345

Command injection security vulnerability in the cmdsubsys.php cron job for installation of dashlets, components, and config wizards.

Upgrade to Nagios XI 5.8.6 or above

CVE-2021-40343

Permission security issue with file permissions for the migration script “nagios_unbundler.py” which could allow arbitrary code execution.

Upgrade to Nagios XI 5.8.6 or above

CVE-2021-40344

Security issue with file validation in the admin custom includes component allowed php files to be uploaded and executed.

Upgrade to Nagios XI 5.8.6 or above or upgrade Custom Includes component to version 1.1.0 or above

CVE-2021-38156

XSS vulnerability in Manage My Dashboards edit dashboard title functionality.

Upgrade to Nagios XI 5.8.6 or above

CVE-2021-37223

SSRF in Scheduled Reports when the report url is from outside the Nagios XI system.

Upgrade to Nagios XI 5.8.6 or above

CVE-2021-33177

The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary sql queries.

Upgrade to Nagios XI 5.8.5 or above

CVE-2021-33178

The Manage Backgrounds functionality within Nagvis versions prior to 2.0.8 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system as the apache user.

Upgrade to Nagios XI 5.8.6 or above and ensure NagVis component is 2.0.9+

CVE-2021-33179

The general user interface in Nagios XI versions prior to 5.8.5 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who accesses a specially crafted malicious URL, would unknowingly execute the attached payload.

Upgrade to Nagios XI 5.8.5 or above

CVE-2021-37344

Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).

Upgrade Switch config wizard from Admin > Manage Config Wizards to version 2.5.7 or above.

CVE-2021-37343

A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios.

Upgrade to Nagios XI 5.8.5 or above

CVE-2021-37345

Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions.

Upgrade to Nagios XI 5.8.5 or above

CVE-2021-37346

Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection).

Upgrade WatchGuard config wizard from Admin > Manage Config Wizards to version 1.4.8 or above.

CVE-2021-37347

Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument.

Upgrade to Nagios XI 5.8.5 or above

CVE-2021-37348

Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php.

Upgrade to Nagios XI 5.8.5 or above

CVE-2021-37349

Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database.

Upgrade to Nagios XI 5.8.5 or above

CVE-2021-37350

Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation.

Upgrade to Nagios XI 5.8.5 or above

CVE-2021-37351

Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server.

Upgrade to Nagios XI 5.8.5 or above

CVE-2021-37352

An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link.

Upgrade to Nagios XI 5.8.5 or above

CVE-2021-37353

Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php

Upgrade Docker config wizard from Admin > Manage Config Wizards to version 1.1.3 or above.

CVE-2021-36363
CVE-2021-36365

Local privilege escalation due to insecure permissions of the migrate.php and the repairmysql.sh files.

Upgrade to Nagios XI 5.8.5 or above

CVE-2021-36364
CVE-2021-36366

Local privilege escalation due to wildcard expansion in backup_xi.sh and manage_services.sh files.

Upgrade to Nagios XI 5.8.5 or above

Nagios XI 5.7

CVE

Vulnerability Summary

Remediation Summary

CVE-2021-25299

XSS vulnerability in the SSH Terminal page.

Upgrade to Nagios XI 5.8.0 or above

CVE-2021-25298

OS command injection as the apache user through variables passed into the Config Wizard.

Upgrade the Cloud-VM config wizard from Admin > Manage Config Wizards to version 1.0.4 or above.

CVE-2021-25297

OS command injection as the apache user through variables passed into the Config Wizard.

Upgrade the Switch config wizard from Admin > Manage Config Wizards to version 2.5.4 or above.

CVE-2021-25296

OS command injection as the apache user through variables passed into the Config Wizard.

Upgrade the Windows WMI config wizard from Admin > Manage Config Wizards to version 2.2.3 or above.

CVE-2021-3193

Unauthenticated remote code execution (RCE) vulnerability as the apache user in Nagios XI in the Docker config wizard.

Upgrade the Docker config wizard from Admin > Manage Config Wizards to version 1.1.2 or above.

CVE-2021-26023
CVE-2021-26024

XSS vulnerability and IDOR allowing users to add a favorite to other users security vulnerability in Favorites component.

Upgrade the Favorites component from Admin > Manage Components to version 1.0.2 or above.

CVE-2020-35578

Remote code execution (RCE) vulnerability in Nagios XI in Manage Plugins page when uploading plugin with option to convert line endings.

Upgrade to Nagios XI 5.8.0 or above.

CVE-2020-28910

Creation of a Temporary Directory with Insecure Permissions allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.

Upgrade to Nagios XI 5.8.4 or above for full changes.

CVE-2020-28648

Remote code execution (RCE) from improper input validation in the Auto-Discovery component allows an authenticated attacker to execute remote code.

Upgrade to Nagios XI 5.7.5 or above.

CVE-2020-5790

Cross-site request forgery (CSRF) vulnerabilities in Nagios XI for SNMP Trap Sender and Manage MIBs admin pages.

Upgrade to Nagios XI 5.7.4 or above.

CVE-2020-5791

An OS command injection vulnerability in the Admin Manage MIBs page. A remote, authenticated attacker with admin privileges may exploit this vulnerability to execute arbitrary OS commands with privileges of the ‘apache’ user.

Upgrade to Nagios XI 5.7.4 or above.

CVE-2020-5792

An OS command argument injection vulnerability in the Send Custom Trap command in the SNMP Trap Interface.

Upgrade to Nagios XI 5.7.4 or above.

CVE-2020-15903

Privilege escalation as user nagios to root in backend scripts that are run as root user due to permissions and included files.

Upgrade to Nagios XI 5.7.3 or above.

CVE-2020-15901

Remote code execution as authenticated user in ajaxhelper.php allows remote attackers to execute arbitrary commands via cmdsubsys.

Upgrade to Nagios XI 5.7.2 or above.

CVE-2020-15902

XSS vulnerability in Graph Explorer via the link url option.

Upgrade to Nagios XI 5.7.2 or above.

Nagios XI 5.6

CVE

Vulnerability Summary

Remediation Summary

X-Force 179406

Possible postauth SQL injection in the SNMP Trap Interface page. User must have administative privliges to access.

Upgrade to Nagios XI 5.6.14 or above.

X-Force 179405

Authenticated remote execution vulnerability in command_test.php script using the address paramater. User must have access to the CCM to access.

Upgrade to Nagios XI 5.6.14 or above.

X-Force 179404

Authenticated remote code execution vulnerabilitiy in export-rrd.php in start, end, or step parameter.

Upgrade to Nagios XI 5.6.14 or above.

CVE-2020-10821

XSS vulnerability as an authenticated user via the account/main.php theme parameter.

Upgrade to Nagios XI 5.6.13 or above.

CVE-2020-10819
CVE-2020-10820

XSS vulnerability as an authenticated administrator via the LDAP/AD component username and password parameters.

Upgrade to Nagios XI 5.6.13 or above.

CVE-2019-20197

Remote command execution as authenticated user. The user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.

Upgrade to Nagios XI 5.6.10 or above.

CVE-2019-20139

XSS vulnerability exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. An authenticated user can use this method of attack against any user.

Upgrade the Operations Center component from Admin > Manage Components to version 1.3.3 or above.

CVE-2019-15949

Remote command execution as root vulnerability in Nagios XI’s getprofile.sh script. The script runs when profiles are created via the profile component. User must have access to edit plugins or access to the nagios user on the server.

Upgrade to Nagios XI 5.6.6 or above.

Nagios XI 5.5

CVE

Vulnerability Summary

Remediation Summary

CVE-2019-9164

Command Injection vulnerability that allows specific command to remotely execute code when making a new autodiscovery job. Users must be authenticated and have access to autodiscovery to be able to execute a new job.

Upgrade to Nagios XI 5.5.11 or above.

CVE-2019-9165

SQL Injection vulnerability via the API when using fusekeys and malicious user id.

Upgrade to Nagios XI 5.5.11 or above.

CVE-2019-9166

Root Priviledge Escalation rearding permissions on config.inc.php and import_xiconfig.php allowing non-priviledged users to write to the files. This exploit requires access to the files on the server. Both files should be root owned with no write permissions.

Upgrade to Nagios XI 5.5.11 or above.

CVE-2019-9167

XSS vulnerability that can be passed in using the xiwindow parameter.

Upgrade to Nagios XI 5.5.11 or above.

CVE-2019-9202

Authorized remote code execution in Nagios IM component via API key issues.

Upgrade Nagios IM component to version 2.2.7 or above.

Alternatively, remove the nagiosim component if not in use.

CVE-2019-9203

Authorization bypass in Nagios IM component allowing closing incidents in IM via the API.

Upgrade Nagios IM component to version 2.2.7 or above.

Alternatively, remove the nagiosim component if not in use.

CVE-2019-9204

SQL Injection in Nagios IM component.

Upgrade Nagios IM component to version 2.2.7 or above.

Alternatively, remove the nagiosim component if not in use.

CVE-2018-20171
CVE-2018-20172

Unauthorized XSS vulnerabilities in the rss_dashlet. This is related to the scripts in being URL-accessible from the Magpie RSS scripts scripts directory.

Upgrade to Nagios XI 5.5.8 or above.

For immediate remediation remove the magpierss/scripts directory from rss_dashlet.

CVE-2018-15708

Unauthenticated Remote Code Execution via Command Argument Injection. A critical vulnerability exists in a custom version of Snoopy being used in MagpieRSS which allows a remote, unauthenticated attacker to inject arbitrary arguments into a “curl” command. This can be done by requesting magpie_debug.php with a crafted value specified in the HTTP GET ‘url’ parameter.

Upgrade to Nagios XI 5.5.7 or above.

For immediate remediation remove the rss_dashlet if you are not using it.

CVE-2018-15709

Authenticated Command Injection. The Nagios subsystem is vulnerable to command injection in many cases. An authenticated attacker may inject and execute arbitrary OS commands. Must be an authenticated user (can be non-admin).

Upgrade to Nagios XI 5.5.7 or above.

CVE-2018-15710

Local Privilege Escalation (to root) via Command Injection. An Auto Discovery script suffers from a local command injection vulnerability which can be exploited to gain
root OS privileges. Must be authenticated user with access to Auto Discovery component.

Upgrade to Nagios XI 5.5.7 or above.

CVE-2018-15711

Unauthorized API Key Regeneration. An low-privileged, authenticated user can force API key regeneration for any Nagios XI user (including admins). When the API key is regenerated, the new one is returned in the response body. Must be authenticated user.

Upgrade to Nagios XI 5.5.7 or above.

CVE-2018-15712

Unauthenticated Persistent Cross-site Scripting. A persistent cross-site scripting (XSS) vulnerability exists in the Nagios XI Business Process Intelligence (BPI) component’s api_tool.php.

Upgrade to Nagios XI 5.5.7 or above.

CVE-2018-15713

Authenticated Persistent Cross-site Scripting. A persistent cross-site scripting vulnerability was discovered in Nagios XI in admin/users.php. This vulnerability requires authentication to be exploited successfully.

Upgrade to Nagios XI 5.5.7 or above.

CVE-2018-15714

Reflected Cross-site Scripting. A reflected cross-site scripting vulnerability exists within /usr/local/nagiosxi/html/account/checkauth.php. This vulnerability requires authentication to be exploited successfully.

Upgrade to Nagios XI 5.5.7 or above.

CVE-2018-17147

A cross-site scripting (XSS) vulnerability exists in the auto login admin management page.

Upgrade to Nagios XI 5.5.5 or above.

Nagios XI 5.4

CVE

Vulnerability Summary

Remediation Summary

CVE-2018-10554

An Cross Site Scripting vulernability (XSS) was discovered in Nagios XI 5.4.13 in scheduling new reports, downtime.php, ajaxhelper.php and deploynotifications.

Upgrade to Nagios XI 5.5.0 or above.

CVE-2018-10553

The xiwindow parameter in Nagios XI can be used to load any web-accessible files into the iframe. These files can be accessed via apache normally, without the use of the xiwindow URL parameter.

Avoid keeping any files that should not be accessed (or are not PHP and session authenticated) out of the /usr/local/nagiosxi/html directory.

CVE-2018-8733

Authentication bypass vulnerability in NagiosQL in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability.

Upgrade to Nagios XI 5.4.13 or above.

For immidiate remediation, remove the /etc/httpd/conf.d/nagiosql.conf apache configuration file and restart apache.

CVE-2018-8734
CVE-2018-10735
CVE-2018-10736
CVE-2018-10737
CVE-2018-10738

SQL injection vulnerabilities in the legacy NagiosQL component in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via different pages and parameters.

Upgrade to Nagios XI 5.4.13 or above.

For immidiate remediation, remove the /etc/httpd/conf.d/nagiosql.conf apache configuration file and restart apache.

CVE-2018-8735

Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection. Attack requires an authenticated user with access to the CCM.

Upgrade to Nagios XI 5.4.13 or above.

CVE-2018-8736

A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root. Attack requires an authenticated user with access to the CCM.

Upgrade to Nagios XI 5.4.13 or above.

Nagios Fusion 4

CVE

Vulnerability Summary

Remediation Summary

CVE-2020-28903

XSS vulnerabilities in data that is displayed in dashboard and dashlets.

Update to Nagios Fusion 4.1.9 or above

CVE-2020-28905

Authenticated remote code execution (from the context of low-privileges user) in table pagination.

Update to Nagios Fusion 4.1.9 or above

CVE-2020-28902

Privilege escalation from apache to nagios via command injection on timezone parameter in cmd_subsys.php.

Update to Nagios Fusion 4.1.9 or above

CVE-2020-28901

Privilege escalation from apache to nagios via command injection on component_dir parameter in cmd_subsys.php.

Update to Nagios Fusion 4.1.9 or above

CVE-2020-28904

Privilege escalation from apache to nagios via installation of malicious component.

Update to Nagios Fusion 4.1.9 or above

CVE-2020-28900

Privilege escalation from nagios to root via upgrade_to_latest.sh.

Update to Nagios Fusion 4.1.9 or above

CVE-2020-28907

Privilege escalation from apache to root via upgrade_to_latest.sh and modification of proxy config.

Update to Nagios Fusion 4.1.9 or above

CVE-2020-28906

Privilege escalation from nagios to root via modification of fusion-sys.cfg.

Update to Nagios Fusion 4.1.9 or above

CVE-2020-28909

Privilege escalation from nagios to root via modification of scripts that can execute as sudo.

Update to Nagios Fusion 4.1.9 or above

CVE-2020-28908

Privilege escalation from apache to nagios via command injection in cmd_subsys.php.

Update to Nagios Fusion 4.1.9 or above

CVE-2020-28911

Lower priviledged user can authenticate to fused server when credentials are stored.

Update to Nagios Fusion 4.1.9 or above

Nagios Network Analyzer 2

CVE

Vulnerability Summary

Remediation Summary

CVE-2021-28925

A SQL injection in the API Sources endpoint.

Update to Nagios Network Analyzer 2.4.3 and above

CVE-2021-28924

A XSS vulnerability has been discovered the Queries page.

Update to Nagios Network Analyzer 2.4.3 and above

Nagios Log Server 2

CVE

Vulnerability Summary

Remediation Summary

CVE-2019-15898

A reflected (XSS) vulnerability has been discovered in Nagios Log Server via the username on the Login page.

Update to Nagios Log Server 2.0.8 and above

CVE-2020-16157

A reflected (XSS) vulnerability has been discovered in Nagios Log Server via the Notification Methods on the Alerts page.

Update to Nagios Log Server 2.1.7 and above

Nagios Core 4

CVE

Vulnerability Summary

Remediation Summary

CVE-2018-18245

A cross-site scripting (XSS) vulnerability has been discovered in Nagios Core. This vulnerability allows attackers to place malicious JavaScript code into the web frontend through manipulation of plugin output.
In order to do this the attacker needs to be able to manipulate the output returned by nagios checks, e.g. by replacing a plugin on one of the monitored endpoints. Execution of the payload then requires that an authenticated user creates an alert summary report which contains the corresponding output.

Update to Nagios Core 4.4.3 or Nagios XI 5.5.9 and above
(You can also patch this with Core maint branch)

Related news

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8), a bypass for another severe shortcoming in the same software (

CVE-2023-6378: News

A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers

A financially motivated threat actor has been outed as an initial access broker (IAB) that sells access to compromised organizations for other adversaries to conduct follow-on attacks such as ransomware. SecureWorks Counter Threat Unit (CTU) has dubbed the e-crime group Gold Melody, which is also known by the names Prophet Spider (CrowdStrike) and UNC961 (Mandiant). "This financially motivated

CVE-2023-25201: Security Advisories - usd HeroLab

Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload.

CVE-2022-47501: The Apache OFBiz® Project - Security

Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a  pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07.

Healthcare in the Crosshairs of North Korean Cyber Operations

CISA, FBI, and South Korean intelligence agencies warn that the North Korean government is sponsoring ransomware attacks to fund its cyber-espionage activities.

Nagios XI 5.7.5 Remote Code Execution

This Metasploit module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 as the apache user. Valid credentials for a Nagios XI user are required. This module has been successfully tested against official NagiosXI OVAs versions 5.5.6 through 5.7.5.

CVE-2022-45589: Talend Security

SQL Injection vulnerability in Talend ESB Runtime 7.3.1-R2022-09-RT thru 8.0.1-R2022-10-RT when using the provisioning service.

CVE-2022-46769: Apache Sling :: News

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4

Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver

The subgroup of an Iranian nation-state group known as Nemesis Kitten has been attributed as behind a previously undocumented custom malware dubbed Drokbk that uses GitHub as a dead drop resolver to exfiltrate data from an infected computer, or to receive commands. "The use of GitHub as a virtual dead drop helps the malware blend in," Secureworks principal researcher Rafe Pilling said. "All the

CVE-2022-38123: Cybersecurity Advisory - Secomea

Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0.

Exploit Attempts Underway for Apache Commons Text4Shell Vulnerability

The good news: The Apache Commons Text library bug is far less likely to lead to exploitation than last year's Log4j library flaw.

U.S. Charges 3 Iranian Hackers and Sanctions Several Others Over Ransomware Attacks

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sweeping sanctions against ten individuals and two entities backed by Iran's Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks at least since October 2020. The agency said the cyber activity mounted by the individuals is partially attributable to intrusion sets tracked

Vulnerability Exploits, Not Phishing, Are the Top Cyberattack Vector for Initial Compromise

A slew of Microsoft Exchange vulnerabilities (including ProxyLogon) fueled a surge in attacks targeting software flaws in 2021, but the trend has continued this year.

MobileIron Log4Shell Remote Command Execution

MobileIron Core is affected by the Log4Shell vulnerability whereby a JNDI string sent to the server will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the tomcat user. This Metasploit module will start an LDAP server that the target will need to connect to.

CVE-2022-24406: Full Disclosure: Open-Xchange Security Advisory 2022-07-21

OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls.

CVE-2022-29272: GitHub - sT0wn-nl/CVEs: The following is a list of my collected CVE's

In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.

CVE-2022-29272: GitHub - sT0wn-nl/CVEs: The following is a list of my collected CVE's

In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.

CVE-2022-29272: GitHub - sT0wn-nl/CVEs: The following is a list of my collected CVE's

In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.

CVE-2022-29272: GitHub - sT0wn-nl/CVEs: The following is a list of my collected CVE's

In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.

CVE-2022-29855: Security Advisories

Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.

CVE-2022-29855: Security Advisories

Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.

Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

Published on: 2021 Dec 11, updated 2022 Apr 6. SUMMARY SUMMARY Microsoft continues our analysis of the remote code execution vulnerabilities related to Apache Log4j (a logging tool used in many Java-based applications) disclosed on 9 Dec 2021. Currently, Microsoft is not aware of any impact, outside of the initial disclosure involving Minecraft: Java Edition, to the security of our enterprise services and has not experienced any degradation in availability of those services as a result of this vulnerability.

CVE-2021-44228: Log4j – Apache Log4j Security Vulnerabilities

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

CVE-2021-42117: Release Notes - TopEase Documentation

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code execution.

CVE-2021-40345

An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands.

CVE-2020-35198: Wind River

An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.

CVE-2021-25298: Nagios - Network, Server and Log Monitoring Software

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.

CVE-2020-5791: Nagios XI Multiple Vulnerabilities

Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907