Vulnerability in Nagios Xi
CVE-2018-15710
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
EPSS: 0.758 (98.9th percentile) — read the EPSS interpretation.
Affected products
- Nagios Xi — versions 5.5.6
Public proof-of-concept exploits
References
- 46221 (exploit, x_refsource_EXPLOIT-DB)
- www.tenable.com/security/research/tra-2018-37 (x_refsource_MISC)
- packetstormsecurity.com/files/153433/Nagios-XI-Magpie_debug.php-Root-Remote-Cod… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2018-15710?
- CVE-2018-15710 is a vulnerability in Nagios Xi. Published 2018-11-14.
- Is CVE-2018-15710 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.