CVE-2021-25296

HIGH KEV NUCLEI

Nagios XI xi-5.7.5 - Command Injection

Exploitation Summary

CVE-2021-25296 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added January 18, 2022. EIP tracks 1 public exploit, from researchers including Matthew Mathur: the Metasploit module exploits/linux/http/nagios_xi_configwizards_authenticated_rce. A Nuclei detection template is also available.

AI-analyzed exploit summary: This Metasploit module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in Nagios XI's configuration wizards. It allows authenticated users to execute arbitrary commands on vulnerable Nagios XI versions (5.5.6 to 5.7.5).

Description

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php, where input controlled by an authenticated user is improperly sanitized. A single HTTP request can lead to OS command injection on the Nagios XI server.

Exploits (1)

metasploit WORKING POC EXCELLENT
by Matthew Mathur · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nagios_xi_configwizards_authenticated_rce.rb

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Nagios XI versions 5.5.6 to 5.7.5
Auth required
Prerequisites: Valid Nagios XI user credentials · Access to the Nagios XI web interface
devstral-2 · analyzed Apr 23, 2026

Nuclei Templates (1)

Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection
HIGH · VERIFIED · by k0pak4
Shodan: title:"Nagios XI" || http.title:"nagios xi"
FOFA: title="nagios xi" || app="nagios-xi"

Scores

CVSS v3 8.8
EPSS 0.9329
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-01-18
VulnCheck KEV 2021-06-01
InTheWild.io 2021-03-16
ENISA EUVD EUVD-2021-12196
Status published
Products (1)
nagios/nagios_xi 5.5.6 - 5.7.5
Published Feb 15, 2021
KEV Added Jan 18, 2022
Tracked Since Feb 18, 2026