CVE-2019-9164

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.5.11

Description The issue allows authenticated users to execute arbitrary remote commands via a new autodiscovery job. There have been reports of cross-site scripting (XSS) that can lead to root remote code execution (RCE).

Recommendations For versions prior to 5.5.11, update to version 5.5.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the autodiscovery job feature until a patch is applied.