CVE-2021-25296

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
Configurations

Configuration 1 (hide)

cpe:2.3:a:nagios:nagios_xi:5.7.5:*:*:*:*:*:*:*

History

21 Nov 2024, 05:54

Type Values Removed Values Added
References () http://nagios.com - Product () http://nagios.com - Product
References () http://packetstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
References () http://packetstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.html - Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.html - Third Party Advisory, VDB Entry
References () https://assets.nagios.com/downloads/nagiosxi/versions.php - Exploit, Product () https://assets.nagios.com/downloads/nagiosxi/versions.php - Exploit, Product
References () https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md - Exploit, Third Party Advisory () https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md - Exploit, Third Party Advisory
References () https://www.fastly.com/blog/anatomy-of-a-command-injection-cve-2021-25296-7-8-with-metasploit-module-and - Exploit, Third Party Advisory () https://www.fastly.com/blog/anatomy-of-a-command-injection-cve-2021-25296-7-8-with-metasploit-module-and - Exploit, Third Party Advisory

24 Jul 2024, 16:46

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.html - () http://packetstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.html - Third Party Advisory, VDB Entry
References () https://www.fastly.com/blog/anatomy-of-a-command-injection-cve-2021-25296-7-8-with-metasploit-module-and - () https://www.fastly.com/blog/anatomy-of-a-command-injection-cve-2021-25296-7-8-with-metasploit-module-and - Exploit, Third Party Advisory

08 Aug 2023, 14:21

Type Values Removed Values Added
CWE CWE-78 NVD-CWE-Other

Information

Published : 2021-02-15 13:15

Updated : 2024-11-21 05:54


NVD link : CVE-2021-25296

Mitre link : CVE-2021-25296

CVE.ORG link : CVE-2021-25296


JSON object : View

Products Affected

nagios

  • nagios_xi