Rapid7 Vulnerability & Exploit Database

Nagios XI 5.5.0-5.7.3 - Snmptrap Authenticated Remote Code Exection

Back to Search

Nagios XI 5.5.0-5.7.3 - Snmptrap Authenticated Remote Code Exection



This module exploits an OS command injection vulnerability in includes/components/nxti/index.php that enables an authenticated user with admin privileges to achieve remote code execution as the `apache` user. The module uploads a simple PHP shell via includes/components/nxti/index.php to includes/components/autodiscovery/jobs/ and then executes the payload as the `apache` user via an HTTP GET request to includes/components/autodiscovery/jobs/?= Valid credentials for a Nagios XI admin user are required. This module has been successfully tested against Nagios XI 5.7.3 running on CentOS 7.


  • Chris Lyne
  • Erik Wynter




x86, x64, cmd


Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/linux/http/nagios_xi_snmptrap_authenticated_rce
msf exploit(nagios_xi_snmptrap_authenticated_rce) > show targets
msf exploit(nagios_xi_snmptrap_authenticated_rce) > set TARGET < target-id >
msf exploit(nagios_xi_snmptrap_authenticated_rce) > show options
    ...show and set options...
msf exploit(nagios_xi_snmptrap_authenticated_rce) > exploit

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security