NagiosXI 5.2.6 – 5.4.12 unauthenticated exploit chain leads to root access
Yesterday (10th of May) Nagios posted information about several vulnerabilities that have been found in Nagios. They can be chained together without authentication and lead to root access. Nagios users are urged to upgrade as soon as possible, especially if Nagios is publicly accessible.

The chain consists of the following steps:

* CVE-2018-8734 - SQL injection (unauthenticated)
* CVE-2018-8733 - authentication bypass
* CVE-2018-8735 - command injection (authenticated)
* CVE-2018-8736 - local privilege escalation

More detailed information can be found here:…

Upgrade is available here (OVA):…

ISC Handler
