CVE-2013-1362

Opensuse < 2.13 - Improper Input Validation

Title source: rule

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-1362. PoCs published by Metasploit, Rudolph Pereir, including Metasploit module exploits/linux/misc/nagios_nrpe_arguments.

AI-analyzed exploit summary This Metasploit module exploits CVE-2013-1362 in Nagios Remote Plugin Executor (NRPE) by leveraging improper sanitization of command-line arguments when 'dont_blame_nrpe' is enabled, allowing arbitrary command execution via command substitution.

Description

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/24955

View Code ZIP pw:eip

This Metasploit module exploits CVE-2013-1362 in Nagios Remote Plugin Executor (NRPE) by leveraging improper sanitization of command-line arguments when 'dont_blame_nrpe' is enabled, allowing arbitrary command execution via command substitution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Nagios Remote Plugin Executor prior to 2.14

No auth needed

Prerequisites: NRPE configured with 'dont_blame_nrpe' enabled · Network access to NRPE service (default port 5666)

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1202 - Indirect Command Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Rudolph Pereir · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/nagios_nrpe_arguments.rb