We have been made aware of a chain of four security vulnerabilities in Nagios XI that allows a potential attacker to build a remote command execution exploit that runs as root. Your system is especially vulnerable if it is accessible via the internet and not protected by a firewall.

Nagios XI versions 5.2.6 – 5.4.12 are affected. We strongly suggest that all Nagios XI users immediately update to the latest version, 5.4.13, which includes fixes for these vulnerabilities, to ensure your system is not susceptible to a security breach. Here are instructions on how to upgrade.

We have provided two scripts below. The first lets you patch the vulnerability immediately, as a stopgap until you are able to upgrade to the latest version of XI. The second checks your system for potential breaches made using these vulnerabilities.

This script patches the authentication bypass and SQL injection to stop the chain of vulnerabilities:
Link: vuln_patch.sh

This script allows you to check if your system has potentially been breached:
Link: comp_detect.sh

You can read detailed information below about the four linked security vulnerabilities that were exploited:

Nagios XI Vulnerability Chain

Links to information about the individual vulnerabilities:

Again, we strongly encourage all Nagios XI users to update to the latest version to prevent their system from being susceptible to these known vulnerabilities.