From 89ae1d8c177c0ef69d54ecac30eef8cf725eab66 Mon Sep 17 00:00:00 2001
From: Matthew Mathur <9121784+k0pak4@users.noreply.github.com>
Date: Tue, 24 Jan 2023 13:04:11 -0500
Subject: [PATCH] Add initial yaml files for CVE-2021-25296,7,8
---
cves/2021/CVE-2021-25296.yaml | 21 +++++++++++++++++++++
cves/2021/CVE-2021-25297.yaml | 21 +++++++++++++++++++++
cves/2021/CVE-2021-25298.yaml | 21 +++++++++++++++++++++
3 files changed, 63 insertions(+)
diff --git a/cves/2021/CVE-2021-25296.yaml b/cves/2021/CVE-2021-25296.yaml
index 8b13789179..378629790d 100644
--- a/cves/2021/CVE-2021-25296.yaml
+++ b/cves/2021/CVE-2021-25296.yaml
@@ -1 +1,22 @@
+id: CVE-2021-25296
+info:
+ name: Nagios XI 5.7.5 Command Injection
+ author: k0pak4
+ severity: critical
+ description: Nagios XI 5.7.5 is affected by OS command injection. An authenticated user can gain code execution with a single HTTP request due to unsanitized URL paramaters.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-25296
+ - https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md
+ - https://github.com/rapid7/metasploit-framework/pull/17494
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2021-25296
+ cwe-id: CWE-78
+ tags: cve,cve2021,nagiosxi
+
+requests:
+ - method: GET
+ - path:
+ - "{{BaseUrl}}/nagiosxi/config/monitoringwizard.php?update=1&nextstep=3&wizard=windowswmi&plugin_output_len=9999;"
\ No newline at end of file
diff --git a/cves/2021/CVE-2021-25297.yaml b/cves/2021/CVE-2021-25297.yaml
index 8b13789179..8a28e37cae 100644
--- a/cves/2021/CVE-2021-25297.yaml
+++ b/cves/2021/CVE-2021-25297.yaml
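Review bot: The `requests` block cannot produce a finding as written: judging by the leading dash, `- path:` starts a second list entry, so the method and the path land in separate requests, and there is no `matchers` section to tell a vulnerable response from any other. Make the path a key of the first entry (`path:` without the dash, aligned under `method`) and add a status matcher plus a body matcher that identifies the wizard response. The description and `PR:L` in the vector say an authenticated user is required, yet no login step or session is sent, so an unauthenticated probe will presumably only see the login redirect and report nothing. Separately, `severity: critical` disagrees with `cvss-score: 8.8`, which falls in the CVSS 3.1 High band; `severity: high` would match. All of this applies equally to the CVE-2021-25297 and CVE-2021-25298 hunks.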
@@ -1 +1,22 @@
+id: CVE-2021-25297
+info:
+ name: Nagios XI 5.7.5 Command Injection
+ author: k0pak4
+ severity: critical
+ description: Nagios XI 5.7.5 is affected by OS command injection. An authenticated user can gain code execution with a single HTTP request due to unsanitized URL paramaters.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-25297
+ - https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md
+ - https://github.com/rapid7/metasploit-framework/pull/17494
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2021-25297
+ cwe-id: CWE-78
+ tags: cve,cve2021,nagiosxi
+
+requests:
+ - method: GET
+ - path:
+ - "{{BaseUrl}}/nagiosxi/config/monitoringwizard.php?update=1&ipaddress=127.0.0.1&nextstep=4&wizard=digitalocean"
diff --git a/cves/2021/CVE-2021-25298.yaml b/cves/2021/CVE-2021-25298.yaml
index 8b13789179..ad06782921 100644
--- a/cves/2021/CVE-2021-25298.yaml
+++ b/cves/2021/CVE-2021-25298.yaml
@@ -1 +1,22 @@
+id: CVE-2021-25298
+info:
+ name: Nagios XI 5.7.5 Command Injection
+ author: k0pak4
+ severity: critical
+ description: Nagios XI 5.7.5 is affected by OS command injection. An authenticated user can gain code execution with a single HTTP request due to unsanitized URL paramaters.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-25298
+ - https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md
+ - https://github.com/rapid7/metasploit-framework/pull/17494
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2021-25298
+ cwe-id: CWE-78
+ tags: cve,cve2021,nagiosxi
+
+requests:
+ - method: GET
+ - path:
+ - "{{BaseUrl}}/nagiosxi/config/monitoringwizard.php?update=1&ipaddress=127.0.0.1&nextstep=4&wizard=digitalocean"
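Review bot: The path in the CVE-2021-25297 template is byte-for-byte the same as the one in CVE-2021-25298.yaml (`nextstep=4&wizard=digitalocean`), so the two templates send an identical request and a hit could not be attributed to one CVE over the other. This looks like a copy-paste: the CVEs are filed separately and the first template targets a different wizard (`windowswmi`), so CVE-2021-25297 presumably concerns a wizard of its own. Confirm the affected wizard against the NVD entry already listed under `reference` and change the `wizard=` value accordingly, or drop one of the two files if they really are the same check.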