As many as 11 security vulnerabilities have been disclosed in Nagios network management systems, some of which could be chained to achieve pre-authenticated remote code execution with the highest privileges, as well as lead to credential theft and phishing attacks.
Industrial cybersecurity firm Claroty, which discovered the flaws, said flaws in tools such as Nagios make them an attractive target owing to their “oversight of core servers, devices, and other critical components in the enterprise network.” The issues have since been fixed in updates released in August with Nagios XI 5.8.5 or above, Nagios XI Switch Wizard 2.5.7 or above, Nagios XI Docker Wizard 1.13 or above, and Nagios XI WatchGuard 1.4.8 or above.
“and were likely targeted not only because of their large and influential customer bases, but also because of their respective technologies’ access to enterprise networks, whether it was managing IT, operational technology (OT), or internet of things (IoT) devices,” Claroty’s Noam Moshe said in a write-up published Tuesday, noting how the intrusions targeting the IT and network management supply chains emerged as a conduit to compromise thousands of downstream victims.
Nagios Core is a popular open-source network health tool analogous to SolarWinds Network Performance Monitor (NPM) that is used for keeping tabs on IT infrastructure for performance issues and sending alerts following the failure of mission-critical components. Nagios XI, a proprietary web-based platform built atop Nagios Core, provides organizations with extended insight into their IT operations with scalable monitoring and a customizable high-level overview of hosts, services, and network devices.
Chief among the issues are two remote code execution flaws (CVE-2021-37344, CVE-2021-37346) in Nagios XI Switch Wizard and Nagios XI WatchGuard Wizard, an SQL injection vulnerability (CVE-2021-37350) in Nagios XI, and a server-side request forgery (SSRF) affecting Nagios XI Docker Wizard, as well as a post-authenticated RCE in Nagios XI’s Auto-Discovery tool. The list is as follows –
- CVE-2021-37343 (CVSS score: 8.8) – A path traversal vulnerability exists in the AutoDiscovery component of Nagios XI below version 5.8.5 and could lead to post-authenticated RCE under the security context of the user running Nagios.
- CVE-2021-37344 (CVSS score: 9.8) – Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralization of special elements used in an OS Command (OS Command injection).
- CVE-2021-37345 (CVSS score: 7.8) – Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions.
- CVE-2021-37346 (CVSS score: 9.8) – Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through improper neutralization of special elements used in an OS Command (OS Command injection).
- CVE-2021-37347 (CVSS score: 7.8) – Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument.
- CVE-2021-37348 (CVSS score: 7.5) – Nagios XI before version 5.8.5 is vulnerable to local file inclusion through an improper limitation of a pathname in index.php.
- CVE-2021-37349 (CVSS score: 7.8) – Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitize input read from the database.
- CVE-2021-37350 (CVSS score: 9.8) – Nagios XI before version 5.8.5 is vulnerable to SQL injection in the Bulk Modifications Tool due to improper input sanitization.
- CVE-2021-37351 (CVSS score: 5.3) – Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access protected pages through a crafted HTTP request to the server.
- CVE-2021-37352 (CVSS score: 6.1) – An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially-crafted URL and convince the user to click the link.
- CVE-2021-37353 (CVSS score: 9.8) – Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitization in table_population.php.
In a nutshell, the flaws could be combined by attackers to drop a web shell or execute PHP scripts and elevate their privileges to root, thus achieving arbitrary command execution in the context of the root user. As a proof-of-concept, Claroty chained CVE-2021-37343 and CVE-2021-37347 to gain a write-what-where primitive, allowing an attacker to write content to any file in the system.
“[Network management systems] require extensive trust and access to network components in order to properly monitor network behaviors and performance for failures and poor efficiency,” Moshe said.
“They may also extend outside your network through the firewall to attend to remote servers and connections. Therefore, these centralized systems can be a tasty target for attackers who can leverage this type of network hub, and attempt to compromise it in order to access, manipulate, and disrupt other systems.”
The disclosure is the second time nearly a dozen vulnerabilities have been disclosed in Nagios. Earlier this May, Skylight Cyber revealed flaws in the network monitoring application that could be abused by an adversary to hijack the infrastructure without any operator intervention.