PT-2019-6111 · Nagios · Nagios XI

Published: 2019-07-29 · Updated: 2024-03-09 · CVE-2019-15949

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.6.6

Description: The issue allows remote command execution as root. It requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script is executed as root via a passwordless sudo entry and in turn executes a check plugin that is owned by the nagios user. A user logged into Nagios XI with permission to modify plugins, or the nagios user on the server, can modify the check plugin executable and insert malicious commands that then execute as root. The vulnerability is related to the lack of measures to neutralize special elements used in an operating system command.

Recommendations: For Nagios XI versions prior to 5.6.6, update to version 5.6.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the getprofile.sh script and the check plugin executable to minimize the risk of exploitation. Avoid using the profile.php?cmd=download endpoint until the issue is resolved. Restrict permission to modify plugins to trusted users only.
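The pattern behind this issue is root running, via a passwordless sudo entry, a script that executes files another account can edit. The following audit helper is an added example and is not code from Nagios or from this advisory; the sudoers line, the /opt/example paths and the plugin files are constructed samples, and it assumes GNU stat.

```shell
#!/bin/sh
# Added audit helper (example code, not from Nagios or this advisory). It looks for
# the pattern behind this issue: a passwordless sudo entry lets root run a script
# (getprofile.sh) that in turn executes files a lower-privileged account (nagios)
# can modify. Paths and sudoers lines here are constructed; assumes GNU stat.

# Print the absolute command paths named in NOPASSWD sudoers entries.
nopasswd_commands() {
    grep -v '^[[:space:]]*#' "$1" | grep 'NOPASSWD' \
        | sed 's/.*NOPASSWD:[[:space:]]*//' | tr ',' '\n' \
        | sed 's/^[[:space:]]*//; s/[[:space:]].*$//' | grep '^/'
}

# Flag files under DIR not owned by OWNER (default root) or group/world writable:
# code that runs as root must not be editable by any other account.
# Returns 1 when at least one finding was printed, 0 when the directory is clean.
audit_exec_dir() {
    dir=$1; owner=${2:-root}; findings=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        fowner=$(stat -c '%U' "$f"); mode=$(stat -c '%a' "$f")
        if [ "$fowner" != "$owner" ]; then
            echo "FINDING: $f owned by $fowner, expected $owner"; findings=1
        fi
        # 022 masks the group and other write bits of the octal mode
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FINDING: $f is group/world writable (mode $mode)"; findings=1
        fi
    done
    return $findings
}

# Demo on constructed data: one plugin with sane permissions, one a group member
# could edit. The expected owner is passed explicitly so the demo works unprivileged.
demo() {
    tmp=$(mktemp -d); mkdir "$tmp/plugins"
    printf 'nagios ALL=(ALL) NOPASSWD: /opt/example/getprofile.sh, /usr/bin/php /opt/example/a.php\n' \
        > "$tmp/sudoers"
    printf '#!/bin/sh\necho OK\n' > "$tmp/plugins/check_ok";  chmod 755 "$tmp/plugins/check_ok"
    printf '#!/bin/sh\necho OK\n' > "$tmp/plugins/check_lax"; chmod 775 "$tmp/plugins/check_lax"
    echo "commands root runs without a password:"; nopasswd_commands "$tmp/sudoers"
    audit_exec_dir "$tmp/plugins" "$(id -un)" && echo "clean" || echo "findings present"
    rm -rf "$tmp"
}
demo
```

On a real host, run audit_exec_dir with the default owner (root) against the plugin directory and against each path that nopasswd_commands prints from /etc/sudoers and /etc/sudoers.d.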

Exploit

Fix

Weakness Enumeration: OS Command Injection

Related Identifiers: BDU:2021-05690, CVE-2019-15949

Affected Products: Nagios XI