CVE-2014-2913

Nagios Remote Plugin Executor <2.15 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-2913. PoCs published by Claudio Viviani, Dawid Golunski.

AI-analyzed exploit summary This exploit leverages CVE-2014-2913, a remote code execution vulnerability in NRPE <= 2.15, by injecting commands via newline characters bypassing input sanitization. It uses a custom NRPE packet structure to send malicious payloads to the target.

Description

Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments

Exploits (2)

exploitdb WORKING POC
by Claudio Viviani · pythonremotemultiple
https://www.exploit-db.com/exploits/34461

This exploit leverages CVE-2014-2913, a remote code execution vulnerability in NRPE <= 2.15, by injecting commands via newline characters bypassing input sanitization. It uses a custom NRPE packet structure to send malicious payloads to the target.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: NRPE <= 2.15
No auth needed
Prerequisites: Network access to NRPE service · NRPE service running with vulnerable version
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC
by Dawid Golunski · textremotemultiple
https://www.exploit-db.com/exploits/32925

This exploit leverages a command injection vulnerability in NRPE (Nagios Remote Plugin Executor) by injecting a newline character to bypass input sanitization, allowing arbitrary command execution as the 'nagios' user.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: NRPE (Nagios Remote Plugin Executor) <= 2.15
No auth needed
Prerequisites: NRPE configured with command arguments enabled · Network access to the NRPE port
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (9)

Core 9
Core References
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-05/msg00014.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/66969
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q2/155
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166528.html
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-05/msg00005.html
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q2/154
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Apr/240
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Apr/242

Scores

EPSS 0.1531
EPSS Percentile 96.4%

Details

Status published
Products (4)
nagios/remote_plugin_executor < 2.15
opensuse/opensuse 11.4
opensuse/opensuse 12.3
opensuse/opensuse 13.1
Published May 07, 2014
Tracked Since Feb 18, 2026