writeups.xyz / Technical Advisory – Multiple Vulnerabilities in Nagios XI

Submitter : c2a

Date: 13 December 2023

Bounty : undisclosed

Vulnerabilities :

• RCE
• Missing Authentication
• OS Command Injection
• Local Privilege Escalation
• Stored XSS
• Plaintext Storage of a Password
• Weak Credentials
• Privilege Escalation
• Post-Exploitation

Programs :

• Nagios

Authors :

• Oliver Brooks

Link :
https://research.nccgroup.com/2023/12/13/technical-advisory-multiple-vulnerabilities-in-nagios-xi/