Nagios Support Forum

Whats the deal with this vulnerability? http://tools.cisco.com/security/center/ ... rtId=29054

A vulnerability in the autodiscovery function of Nagios XI could allow an authenticated, remote attacker to gain root access and execute arbitrary commands.

The vulnerability is due to improper filtering of user provided input. An authenticated, remote attacker could exploit this vulnerability by linking a malicious web page to the configuration items of user's database, in order to cause content spoofing.

Nagios has not confirmed the vulnerability and software updates are not available.

Always fun when things are not properly disclosed, ie. we have had no communication from Cisco or anyone else regarding this issue, to my knowledge. Without initial testing, my statement would be, that it is certainly possible this component has an issue with input. Nmap requires quite a lot of freedom to do a proper scan. However if this is in fact the case, we will definitely look into resolving it. As for this being exploitable, the attacker would already have to have admin level privileges on the XI interface, and therefore could do most anything anyways. Such included things would be to add a malicious application or script as a plugin, create a check and execute it opening a remote shell. I still do not want to distract from the fact that we will look into this regardless.