What is CVE-2018-8735?

CVE-2018-8735 is a vulnerability in N/a. Published 2018-04-18.

Is CVE-2018-8735 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-8735

Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection.

EPSS: 0.725 (98.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
rapid7/metasploit-framework
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
lnick2023/nicenice
qazbnm456/awesome-cve-poc
xbl3/awesome-cve-poc_
xfer0/Nagios-XI-5.2.6-9-5.3-5.4-Chained-Remote-Root-Exploit-Fixed

References

gist.github.com/caleBot/f0a93b5a98574393e0139104eacc2d0f (x_refsource_MISC)
44560 (exploit, x_refsource_EXPLOIT-DB)
www.nagios.com/downloads/nagios-xi/change-log/ (x_refsource_MISC)
blog.redactedsec.net/exploits/2018/04/26/nagios.html (x_refsource_MISC)
assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT (x_refsource_MISC)
44969 (exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2018-8735?: CVE-2018-8735 is a vulnerability in N/a. Published 2018-04-18.
Is CVE-2018-8735 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.