CVE-2018-15708
Published 2018-11-14
CVE-2018-15708: Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.
Priority: P1 · 88 · critical · 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 89.36% (99.8th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nagios | nagios_xi | — | — |
Detection & IOCs (extracted from sources)
- The exploit requires the attacker to control an HTTPS server reachable by the Nagios XI instance. The PoC uses a self-signed certificate; SSL verification must be disabled on the victim side (Snoopy/curl) for the file fetch to succeed.
- Privilege escalation (CVE-2018-15710) depends on the sudoers configuration granting NOPASSWD execution of autodiscover_new.php to both 'apache' and 'nagios' users. Verify sudoers entries before assuming root escalation is possible.
- The Metasploit module tries multiple writable paths and privilege escalation methods depending on the Nagios XI version; not all paths/methods will work on every installation.
- autodiscover_new.php is protected by Source Guardian obfuscation, preventing full static analysis; black-box testing was used to confirm the injection point.
CVSS provenance
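| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |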
No detection rules found.
Exploit-DB
Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)
exploitdb · 2019-06-26 · CVSS 9.8
CVE-2018-15710 [CRITICAL] Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)
---
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule "Nagios XI Magpie_debug.php Root Remote Code Execution",
'Description' => %q{
This module exploits two vulnerabilities in Nagios XI 5.5.6:
CVE-2018-15708 which allows for unauthenticated remote code execution
and CVE 2018–15710 which allows for local privilege escalation.
When combined, these two vulnerabilities give us a root reverse shell.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Chris Lyne (@lynerc)', # First working exploit
'Guillaume André (@yaumn_)' # Metasploit module
],
'References' =>
[
['CVE', '2018-15708'],
['CVE', '2018-15710'],
['EDB'
Exploit-DB
Nagios XI 5.5.6 - Remote Code Execution / Privilege Escalation
exploitdb · 2019-01-23 · CVSS 9.8
CVE-2018-15710 [CRITICAL] Nagios XI 5.5.6 - Remote Code Execution / Privilege Escalation
---
# Exploit Title: Nagios XI 5.5.6 Remote Code Execution and Privilege Escalation
# Date: 2019-01-22
# Exploit Author: Chris Lyne (@lynerc)
# Vendor Homepage: https://www.nagios.com/
# Product: Nagios XI
# Software Link: https://assets.nagios.com/downloads/nagiosxi/5/xi-5.5.6.tar.gz
# Version: From 2012r1.0 to 5.5.6
# Tested on:
# - CentOS Linux 7.5.1804 (Core) / Kernel 3.10.0 / This was a vendor-provided .OVA file
# - Nagios XI 2012r1.0, 5r1.0, and 5.5.6
# CVE: CVE-2018-15708, CVE-2018-15710
#
# See Also:
# https://www.tenable.com/security/research/tra-2018-37
# https://medium.com/tenable-techblog/rooting-nagios-via-outdated-libraries-bb79427172
#
# This code exploits both CVE-2018-15708 and CVE-2018-15710 to pop a root re
Metasploit
Nagios XI Magpie_debug.php Root Remote Code Execution
metasploit · CVSS 9.8
CVE-2018-15708 [CRITICAL] Nagios XI Magpie_debug.php Root Remote Code Execution
This module exploits two vulnerabilities in Nagios XI <= 5.5.6: CVE-2018-15708 which allows for unauthenticated remote code execution and CVE-2018-15710 which allows for local privilege escalation. When combined, these two vulnerabilities allow execution of arbitrary commands as root.
- http://packetstormsecurity.com/files/153433/Nagios-XI-Magpie_debug.php-Root-Remote-Code-Execution.html
- https://www.exploit-db.com/exploits/46221/
- https://www.tenable.com/security/research/tra-2018-37

Published: 2018-11-14