CVE-2020-36856

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.6.14

Description Nagios XI versions prior to 5.6.14 have an authenticated remote command execution issue in the command test.php script within the Core Config Manager (CCM). A lack of proper validation of the address parameter allows an authenticated user with access to the CCM to inject shell metacharacters. Successful exploitation can lead to arbitrary command execution with the privileges of the Nagios XI web application user, potentially allowing for commands to be run on the underlying host, system configuration changes, or full system compromise.

Recommendations Update Nagios XI to version 5.6.14 or later.