Security Vulnerability Report
CVE-2024-58273 CVSS 7.8 HIGH

Published: 2025-10-30 22:15:47
Last Modified: 2025-11-06 16:34:35

Description

Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user (or the backend shell user) to escalate to root on the host.

CVSS Details

CVSS Score
7.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:nagios:log_server:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:nagios:log_server:2024:r1:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:nagios:log_server:2024:r1.0.1:*:*:*:*:*:* - VULNERABLE
Nagios Log Server < 2024R1.0.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2024-58273 Nagios Log Server LPE PoC
# This is a conceptual PoC - actual exploitation requires specific environment conditions
# Reference: https://www.vulncheck.com/advisories/nagios-log-server-lpe-from-apache-backend-shell-user-to-root
import os
import stat
import subprocess


def check_vulnerability():
    """
    Check if Nagios Log Server is vulnerable
    Requires Apache user or backend shell user access
    """
    # Check Nagios Log Server version. The binary may not be on PATH, and the
    # original PoC does not act on the result, so a missing binary is not fatal.
    try:
        version_check = subprocess.run(['nagioslogserver', '--version'],
                                       capture_output=True, text=True)
        if version_check.stdout:
            print(f'[*] Reported version: {version_check.stdout.strip()}')
    except (FileNotFoundError, PermissionError):
        print('[-] nagioslogserver binary not found; skipping version check')

    # Check for vulnerable configurations
    # Look for writable scripts in privileged locations
    privileged_paths = [
        '/usr/local/nagioslogserver/',
        '/opt/nagioslogserver/',
        '/etc/nagioslogserver/',
    ]
    vulnerable = False
    for path in privileged_paths:
        if os.path.exists(path):
            # Check for insecure file permissions
            for root, dirs, files in os.walk(path):
                for file in files:
                    filepath = os.path.join(root, file)
                    try:
                        mode = os.stat(filepath).st_mode
                    except OSError:
                        # Broken symlink or entry we are not allowed to stat
                        continue
                    if mode & stat.S_IWOTH:  # World-writable (mode bit 0o2)
                        print(f'[*] Found world-writable file: {filepath}')
                        vulnerable = True
    return vulnerable


def exploit_lpe():
    """
    Exploitation steps (requires Apache/backend user access):
    1. Gain initial access as Apache web user or backend shell user
    2. Identify misconfigured scripts with root privileges
    3. Inject malicious commands into vulnerable scripts
    4. Execute payload to gain root shell
    """
    # This is a placeholder - actual exploitation requires:
    # - Finding specific vulnerable scripts in Nagios Log Server
    # - Identifying insecure permission configurations
    # - Crafting appropriate payloads for the specific vulnerability
    print('[!] This PoC requires Apache or backend shell user access')
    print('[!] Exploitation requires detailed analysis of target system')
    return False


if __name__ == '__main__':
    print('CVE-2024-58273 Nagios Log Server Local Privilege Escalation')
    print('=' * 60)
    if check_vulnerability():
        print('[+] System appears to be vulnerable')
        print('[*] Attempting exploitation...')
        exploit_lpe()
    else:
        print('[-] System may not be vulnerable or access insufficient')
```

References

https://www.nagios.com/changelog/#log-server-2024R1 (Release Notes)
https://www.nagios.com/products/security/#log-server (Release Notes)
https://www.vulncheck.com/advisories/nagios-log-server-lpe-from-apache-backend-shell-user-to-root (Third Party Advisory)

Weakness: CWE-266

Raw JSON Data

JSON
{"cve": {"id": "CVE-2024-58273", "sourceIdentifier": "[email protected]", "published": "2025-10-30T22:15:46.737", "lastModified": "2025-11-06T16:34:35.273", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user (or the backend shell user) to escalate to root on the host."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", 
"providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-266"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nagios:log_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "2024", "matchCriteriaId": "87E74637-713C-4DD7-B97E-2F247B7B12B1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:nagios:log_server:2024:r1:*:*:*:*:*:*", "matchCriteriaId": "B93D415C-B2C0-42CE-B9B3-29C29A3DCC16"}, {"vulnerable": true, "criteria": "cpe:2.3:a:nagios:log_server:2024:r1.0.1:*:*:*:*:*:*", "matchCriteriaId": "997B64B5-A3F2-4D0E-B05E-CCA76D598C18"}]}]}], "references": [{"url": "https://www.nagios.com/changelog/#log-server-2024R1", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://www.nagios.com/products/security/#log-server", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://www.vulncheck.com/advisories/nagios-log-server-lpe-from-apache-backend-shell-user-to-root", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}