CVE-2019-15949

Name: CVE-2019-15949
Creator: NVD / NIST
Published: 2019-09-05T17:15:12.327+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10Actively ExploitedEPSS 77.74%

Last modified Jun 17, 2026

CVE-2019-15949 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. CISA has confirmed active exploitation in the wild. EPSS estimates a 77.74% chance of exploitation in the next 30 days.

Description

Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

77.74%

99.5th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by May 3, 2022.

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Nagios	Nagios Xi	< 5.6.6

References

http://packetstormsecurity.com/files/156676/Nagios-XI-Authenticated-Remote-Command-Execution.htmlExploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/162158/Nagios-XI-getprofile.sh-Remote-Command-Execution.htmlExploit, Third Party Advisory, VDB Entry
https://github.com/jakgibb/nagiosxi-root-rce-exploitExploit, Third Party Advisory
http://packetstormsecurity.com/files/156676/Nagios-XI-Authenticated-Remote-Command-Execution.htmlExploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/162158/Nagios-XI-getprofile.sh-Remote-Command-Execution.htmlExploit, Third Party Advisory, VDB Entry
https://github.com/jakgibb/nagiosxi-root-rce-exploitExploit, Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-15949US Government Resource

Timeline

Published: Sep 5, 2019
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2019-15949?

How severe is CVE-2019-15949?

CVE-2019-15949 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 77.74% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2019-15949?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-15949?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST