CVE-2018-15708
published 2018-11-14

CVE-2018-15708: Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.

Priority: P188, critical
CVSS 3.0: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EXPLOIT
EPSS: 89.36% (99.8th percentile)

Affected

1 range

Vendor | Product | Version range | Fixed in
nagios | nagios_xi | |

Detection & IOCs (extracted from sources)

  • The exploit requires the attacker to control an HTTPS server reachable by the Nagios XI instance. The PoC uses a self-signed certificate; SSL verification must be disabled on the victim side (Snoopy/curl) for the file fetch to succeed.
  • Privilege escalation (CVE-2018-15710) depends on the sudoers configuration granting NOPASSWD execution of autodiscover_new.php to both 'apache' and 'nagios' users. Verify sudoers entries before assuming root escalation is possible.
  • The Metasploit module tries multiple writable paths and privilege escalation methods depending on the Nagios XI version; not all paths/methods will work on every installation.
  • autodiscover_new.php is protected by Source Guardian obfuscation, preventing full static analysis; black-box testing was used to confirm the injection point.

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P