Nagios XI 5.7.5 Remote Code Execution
This Metasploit module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards of Nagios XI versions 5.5.6 to 5.7.5. They allow an authenticated user to perform remote code execution as the apache user. Valid credentials for a Nagios XI user are required. This module has been successfully tested against official Nagios XI OVA versions 5.5.6 through 5.7.5.
https://packetstormsecurity.com/files/170924/nagios_xi_configwizards_authenticated_rce.rb.txt
Wed, 08 Feb 2023 16:27:00 GMT