CVE-2018-8735

HIGH

Nagios XI <5.4.13 - RCE

Title source: llm

Description

Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · linux
https://www.exploit-db.com/exploits/44969
exploitdb WORKING POC VERIFIED
by Jared Arave · python · webapps · php
https://www.exploit-db.com/exploits/44560
metasploit WORKING POC MANUAL
by Cale Smith, Benny Husted, Jared Arave · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nagios_xi_chained_rce_2_electric_boogaloo.rb
metasploit WORKING POC EXCELLENT
by Francesco Oddo, wvu · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nagios_xi_chained_rce.rb

Scores

CVSS v3 8.8
EPSS 0.7246
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
nagios/nagios_xi 5.2.0 - 5.4.13
Published Apr 18, 2018
Tracked Since Feb 18, 2026