Nagios XI 5.5.10: XSS to root RCE

Published: 15/04/2019

Reference:
Advisory #2019-009

Version:
1.0

Affected software:
Nagios XI 5.5.10

Type:
Remote Code execution

CVE/CVSS:
CVE-2019-9164, CVE-2019-9165, CVE-2019-9166, CVE-2019-9167, CVE-2019-9202, CVE-2019-9203, CVE-2019-9204

Sources

https://www.nagios.com/products/security/

Risks

Various critical vulnerabilities have been found in Nagios XI 5.5.10 and prior versions.

CERT.be recommends that system administrators upgrade to Nagios XI 5.5.11 or above, which includes all the fixes.

A Proof of Concept is available.

Recommended Actions

Upgrade to Nagios XI 5.5.11 or above.

Upgrade Nagios IM component to version 2.2.7 or above.

More Information

Various vulnerabilities have been found in Nagios XI 5.5.10 that, chained together, allow a remote attacker to obtain a remote root shell. The attacker only needs to trick an authenticated victim (with "autodiscovery job" creation privileges) into visiting a malicious URL.

References

https://www.nagios.com/downloads/nagios-xi/change-log/

https://www.shielder.it/blog/nagios-xi-5-5-10-xss-to-root-rce/