Vulnerability in Nagios Xi
CVE-2018-15708
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.
EPSS: 0.913 (99.7th percentile) — read the EPSS interpretation.
Affected products
- Nagios Xi — versions 5.5.6
Public proof-of-concept exploits
References
- 46221 (exploit, x_refsource_EXPLOIT-DB)
- www.tenable.com/security/research/tra-2018-37 (x_refsource_MISC)
- packetstormsecurity.com/files/153433/Nagios-XI-Magpie_debug.php-Root-Remote-Cod… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2018-15708?
- CVE-2018-15708 is a vulnerability in Nagios Xi. Published 2018-11-14.
- Is CVE-2018-15708 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.