Security flaw discovered in network monitoring software
Miscreants are exploiting a newly-discovered vulnerability in the Nagios XI network monitoring software to run crypto-mining malware.
The CVE-2021-25296 remote command injection vulnerability is being abused to deploy the XMRig coin-miner on victims’ devices in a series of ongoing attacks, security researchers at Palo Alto’s Unit 42 warn.
The vulnerability stems from flaws in the Windows WMI configuration wizard component of the Nagios XI version 5.7.5 enterprise server and network monitoring software.
The security bug involves a lack of validation of the user input – a common class of web security vulnerability.
The attacks attempt to execute a malicious bash script fetched from an attacker-controlled server, which also hosts the XMRig miner.
This technique exploits the ability to inject unexpected characters into, or append arbitrary commands to, the commands submitted to vulnerable systems.
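To make the vulnerability class concrete, here is an added illustration of the unsafe pattern the article describes beside a hardened form. It is generic example code written for this story; it is not Nagios XI code and does not reproduce the specific flaw in the WMI configuration wizard. The hostname values are constructed samples, and the `ping` command is a stand-in for any system command built from user input.

```python
import re

# Strict allowlist for a hostname (RFC 1123 labels separated by dots, at most 253 chars).
# Everything outside this shape is rejected before it can reach a command builder.
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def build_command_unsafe(host: str) -> str:
    """Vulnerable pattern: unvalidated user input is spliced into a shell command string.

    If this string is later handed to a shell (e.g. subprocess.run(cmd, shell=True)),
    any character the shell treats specially changes what the command does.
    """
    return f"ping -c 1 {host}"


def validate_host(host: str) -> str:
    """Allowlist validation: accept only a well-formed hostname, reject everything else."""
    if not _HOST_RE.fullmatch(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return host


def build_command_safe(host: str) -> list[str]:
    """Hardened pattern: validate first, then pass the value as a separate argv element.

    The returned list is meant for subprocess.run(argv) without shell=True, so the
    operating system never parses the user-supplied value as shell syntax.
    """
    return ["ping", "-c", "1", validate_host(host)]


def contains_shell_metacharacters(value: str) -> bool:
    """Detection helper: flag request parameters that a shell would interpret.

    Useful when reviewing web server or application logs for injection attempts
    against endpoints that build commands from their inputs.
    """
    return bool(re.search(r"[;&|`$()<>\n\\'\"]", value))


if __name__ == "__main__":
    # Constructed sample inputs: one well-formed hostname, one with a shell separator.
    good = "monitor01.example.internal"
    bad = "monitor01;extra"
    print(build_command_unsafe(bad))          # separator survives into the command string
    print(build_command_safe(good))           # clean argv list
    for value in (good, bad):
        print(value, "flagged" if contains_shell_metacharacters(value) else "ok")
    try:
        build_command_safe(bad)
    except ValueError as exc:
        print("blocked:", exc)
```

The two defensive measures are independent: the allowlist rejects malformed input at the boundary, and the argv form removes the shell from the execution path entirely, so a value that slips past validation still cannot be interpreted as additional commands. The detection helper is intentionally broad; in practice you would tune it to the parameters an endpoint actually accepts.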
Although security tools such as the Palo Alto Firewall can block the attack, the best defense is likely offered by updating deployed Nagios XI software away from version 5.7.5, the vulnerable version of the enterprise software package.
The Daily Swig has asked Palo Alto’s research team to offer an estimated number of potentially vulnerable systems.
No word back as yet, but we’ll update this story as and when more information comes to hand.