CVE-2018-15710

HIGH

Nagios XI 5.5.6 - Authenticated Privilege Escalation via Autodiscover_new.php

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2018-15710. PoCs published by Metasploit, Chris Lyne, Chris Lyne (@lynerc), Guillaume André (@yaumn_), bcoles, including Metasploit module exploits/linux/http/nagios_xi_magpie_debug.

AI-analyzed exploit summary This Metasploit module exploits CVE-2018-15708 (unauthenticated RCE) and CVE-2018-15710 (local privilege escalation) in Nagios XI 5.5.6 to achieve a root reverse shell. It uploads a webshell and meterpreter payload, then escalates privileges via autodiscovery or NSE script execution.

Description

Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/47039

This Metasploit module exploits CVE-2018-15708 (unauthenticated RCE) and CVE-2018-15710 (local privilege escalation) in Nagios XI 5.5.6 to achieve a root reverse shell. It uploads a webshell and meterpreter payload, then escalates privileges via autodiscovery or NSE script execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Nagios XI 5.5.6
No auth needed
Prerequisites: Network access to Nagios XI server · Publicly reachable IP for callback
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by Chris Lyne · pythonwebappslinux
https://www.exploit-db.com/exploits/46221

This exploit leverages CVE-2018-15710 (and CVE-2018-15708) to achieve remote code execution and privilege escalation on Nagios XI versions 2012r1.0 to 5.5.6. It uses a self-signed certificate to serve a malicious PHP file via an HTTP server, then exploits MagpieRSS to write the file to the target system, leading to arbitrary command execution and root access via sudo misconfigurations.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Nagios XI 2012r1.0 to 5.5.6
No auth needed
Prerequisites: Network access to Nagios XI instance · MagpieRSS debug script accessible · Outbound connectivity from target to attacker's HTTP server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Chris Lyne (@lynerc), Guillaume André (@yaumn_), bcoles · rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nagios_xi_magpie_debug.rb

This Metasploit module exploits CVE-2018-15708 (unauthenticated RCE) and CVE-2018-15710 (local privilege escalation) in Nagios XI <= 5.5.6. It uploads a PHP webshell and Meterpreter payload via the vulnerable magpie_debug.php endpoint, then escalates privileges to root using sudo misconfigurations.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Nagios XI <= 5.5.6
No auth needed
Prerequisites: Network access to Nagios XI web interface · Publicly reachable IP for callback
devstral-2 · analyzed Mar 13, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46221/
Exploit, Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2018-37

Scores

CVSS v3 7.8
EPSS 0.7578
EPSS Percentile 98.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
nagios/nagios_xi 5.5.6
Published Nov 14, 2018
Tracked Since Feb 18, 2026