Nagios XI 5.5.10: XSS to root RCE
CVE-2019-9164, CVE-2019-9165, CVE-2019-9166, CVE-2019-9167, CVE-2019-9202, CVE-2019-9203, CVE-2019-9204
Various critical vulnerabilities have been found in Nagios XI 5.5.10 and prior versions.
CERT.be recommends that system administrators upgrade to Nagios XI 5.5.11 or above, which includes all the fixes.
A Proof of Concept is available.
Upgrade to Nagios XI 5.5.11 or above.
Upgrade Nagios IM component to version 2.2.7 or above.
Various vulnerabilities have been found in Nagios XI 5.5.10 that allow a remote attacker to obtain a remote root shell. The attacker only needs to trick an authenticated victim (with “autodiscovery job” creation privileges) into visiting a malicious URL.