<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1462084720533760&amp;ev=PageView&amp;noscript=1">
Blog
01.19.2021

CVE-2020-35578: Nagios (Remote Code Execution)

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.

1.1        Vulnerability Summary

An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands.

CVE-2020-35578: Nagios (Remote Code Execution Vulnerability). Virsec Risk Index: 91%

Watch the video to learn more about this and other important vulnerabilities.

1.2        CVSS Score

The CVSS Base score of this vulnerability is Not Available currently.

1.3        Affected Version

Nagios XI before 5.8.0.

1.4        Vulnerability Attribution

This vulnerability is disclosed by Nagios.

1.5        Risk Impact

Nagios, is a free and open-source computer-software application that monitors systemsnetworks and infrastructure. Nagios offers monitoring and alerting services for servers, switches, applications, and services. It alerts users when things go wrong and alerts them a second time when the problem has been resolved. As per this website, Nagios is market leader in IT infra monitoring and has 20% percent market share that manages close to 5250 Domains.

Bar chart for Nagios and their top competitors in datanyze universe

Exploiting this vulnerability can lead to attacker planting a backdoor and affecting the entire organization leaking out important software codes and information.

Exploit is available in public domain here.

1.6        Virsec Security Platform (VSP) Support:

VSP-Host monitors processes that are spawned which are not part of a set of whitelisted process. Any attempt to execute new command or unknown binary would be denied by VSP-Host’s Process Monitoring capability.

VSP-Web has capability that can detect all types of OS command injection attack and prevent this attack from being exploited.

1.7        Reference Links:

Download the full vulnerability report to learn more about this and other important vulnerabilities.

 

Do you have a request for a vulnerability Virsec Security Research Lab to explore? Let us know!

About the Author
Satya Gupta is Virsec’s visionary founder, with over 25 years of expertise in embedded systems, network security and systems architecture. Satya has helped build and guide the company through key growth phases from initial funding (2015), developing core technology with key partners including Raytheon and Lockheed (2016-2018), to launching an enterprise class, GA product (2019). Prior to this, Satya built a highly profitable software design and consulting business targeting data networking, application security and industrial automation projects. He was also Director of Firmware Engineering at Narad Networks and Managing Director and Chief Engineer at Eastern Telecom and Tech Ltd. Satya has more than 40 patents in complex firmware architecture with products deployed to hundreds of thousands of users. He holds a BS degree in Engineering from the Indian Institute of Technology in Kanpur and additional degrees from the University of Massachusetts at Lowell.