CVE-2020-5792

HIGH

Nagios XI 5.7.3 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-5792. PoCs published by Erik Wynter, Chris Lyne, Erik Wynter, including Metasploit module auxiliary/scanner/http/nagios_xi_scanner.

AI-analyzed exploit summary This Metasploit module scans Nagios XI installations to detect their version and suggests matching exploit modules based on the version number. It requires authentication or a manually provided version to function.

Description

Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.

Exploits (2)

metasploit SCANNER

by Erik Wynter · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/nagios_xi_scanner.rb

View Code ZIP pw:eip

This Metasploit module scans Nagios XI installations to detect their version and suggests matching exploit modules based on the version number. It requires authentication or a manually provided version to function.

Classification

Scanner 100%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Nagios XI

Auth required

Prerequisites: valid Nagios XI credentials or a specific version number

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Jun 05, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Chris Lyne, Erik Wynter · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nagios_xi_snmptrap_authenticated_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits an authenticated OS command injection vulnerability in Nagios XI (CVE-2020-5792) by uploading a PHP shell via SNMP trap functionality and executing arbitrary commands as the 'apache' user.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Nagios XI 5.5.0-5.7.3

Auth required

Prerequisites: Valid Nagios XI admin credentials · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://www.tenable.com/security/research/tra-2020-58

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/162284/Nagios-XI-5.7.3-Remote-Code-Execution.html

Scores

CVSS v3 7.2

EPSS 0.6097

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-88

Status published

Products (1)

nagios/nagios_xi 5.7.3

Published Oct 20, 2020

Tracked Since Feb 18, 2026