{"vulnerability": "cve-2020-2890", "sightings": [{"uuid": "8ed3f9af-c241-49b5-aab7-429465d14cfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28900", "type": "published-proof-of-concept", "source": "Telegram/G59KpcVqJL0_zDDT3OsIlDDMwej7tIw37e7PIMPfoeHYAh0", "content": "", "creation_timestamp": "2021-05-24T20:42:24.000000Z"}, {"uuid": "72607a65-36c9-4ca6-ac40-206aee4c06ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28901", "type": "published-proof-of-concept", "source": "Telegram/lSs36-wtx2L5eDuzIdErV7IOT4QZ5Bt0EdHg5MnV_ikU_PI", "content": "", "creation_timestamp": "2021-05-24T20:42:26.000000Z"}, {"uuid": "ef45875b-4662-42e9-84ae-3437a9f9caf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28902", "type": "published-proof-of-concept", "source": "Telegram/DVwvOGJ62nkSIAY3OXtkqB54zIoJME38K1p7VhTBvx6EK_g", "content": "", "creation_timestamp": "2021-05-24T20:42:28.000000Z"}, {"uuid": "322022cc-265a-4c2d-90da-9861455b33d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28904", "type": "published-proof-of-concept", "source": "Telegram/5YSF5K3K1M3-NdP7BbRUksw4O4BbOIvcVH_gLLBurFtoti4", "content": "", "creation_timestamp": "2021-05-24T20:42:30.000000Z"}, {"uuid": "92b15923-7994-4aeb-83e5-dde7caab8895", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28906", "type": "published-proof-of-concept", "source": "Telegram/NVBtcWJ8lyh0Qni7Xmw8mQOCAg6JU0nx9r-bICIFUc6aoy4", "content": "", "creation_timestamp": "2021-05-24T20:42:32.000000Z"}, {"uuid": "1716f65a-8d19-4d09-a1a8-22e52df36d25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28907", "type": "published-proof-of-concept", "source": "Telegram/mIwIK_jkRuavW9Im9TDnIGssppus7wgZR9hNdygS31zs4ik", "content": "", "creation_timestamp": "2021-05-24T20:42:34.000000Z"}, {"uuid": "df1c97f2-1267-4af1-a245-4b885893b229", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28909", "type": "published-proof-of-concept", "source": "Telegram/Hg_4MKIYUkgtyq90rxZB0FVs7ppmBvWDAislCydKDiWPvSA", "content": "", "creation_timestamp": "2021-05-24T20:42:37.000000Z"}, {"uuid": "be60606f-9423-41a1-a35b-c1dc94dd1500", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28908", "type": "published-proof-of-concept", "source": "Telegram/FNAAGB67yMWdFTyO3-cnS2QpEsk6WBEQ0O3DYs9zyYubPoY", "content": "", "creation_timestamp": "2021-05-24T20:42:35.000000Z"}, {"uuid": "cae9ca61-3e01-48a1-ac5a-607201e2ad1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28903", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/42", "content": "\"13 Nagios Vulnerabilities, #7 will SHOCK you!\" by Samir Ghanem\n\nGaining access to Nagios XI server results in upstream compromise of management server,  i.e. every other customer monitored. Exploitation facilitated with soygun tool.\n\nContents:\n \u2022 TL;DR\n \u2022 Why Nagios?\n \u2022 What is Nagios?\n \u2022 The Code\n \u2022 Challenge Accepted\n \u2022 What are we trying to achieve?\n \u2022 Step 1: RCE on Nagios XI server from low privilege Nagios XI user (CVE-2020-28648)\n \u2022 Step 2: Elevate privileges to \u2018root\u2019 on Nagios XI server (CVE-2020-28910)\n \u2022 Step 3: Trigger XSS by tainting data returned to Nagios Fusion from XI (CVE-2020-28903)\n \u2022 Step 4: Authenticated remote code execution on Nagios Fusion (CVE-2020-28905)\n \u2022 Step 5: Elevate privileges from apache to root using the \u2018cmd_subsys.php\u2019 (CVE-2020-28902)\n \u2022 Step 6: Get list of \u201cfused\u201d XI servers and exploit them using Step 1 and 2\n \u2022 PoC or Attack Platform\n \u2022 SoyGun\n \u2022 Command & Control (C2)\n \u2022 SoyGun Implant\n \u2022 DeadDrop\n \u2022 Demo\n \u2022 Disclosure and Afterthoughts\n \u2022 Full Vulnerabilities List\n\nhttps://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/", "creation_timestamp": "2021-05-27T17:17:10.000000Z"}, {"uuid": "89c1ad9b-85d7-4001-9b08-b6bbc2aa4637", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28905", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/42", "content": "\"13 Nagios Vulnerabilities, #7 will SHOCK you!\" by Samir Ghanem\n\nGaining access to Nagios XI server results in upstream compromise of management server,  i.e. every other customer monitored. Exploitation facilitated with soygun tool.\n\nContents:\n \u2022 TL;DR\n \u2022 Why Nagios?\n \u2022 What is Nagios?\n \u2022 The Code\n \u2022 Challenge Accepted\n \u2022 What are we trying to achieve?\n \u2022 Step 1: RCE on Nagios XI server from low privilege Nagios XI user (CVE-2020-28648)\n \u2022 Step 2: Elevate privileges to \u2018root\u2019 on Nagios XI server (CVE-2020-28910)\n \u2022 Step 3: Trigger XSS by tainting data returned to Nagios Fusion from XI (CVE-2020-28903)\n \u2022 Step 4: Authenticated remote code execution on Nagios Fusion (CVE-2020-28905)\n \u2022 Step 5: Elevate privileges from apache to root using the \u2018cmd_subsys.php\u2019 (CVE-2020-28902)\n \u2022 Step 6: Get list of \u201cfused\u201d XI servers and exploit them using Step 1 and 2\n \u2022 PoC or Attack Platform\n \u2022 SoyGun\n \u2022 Command & Control (C2)\n \u2022 SoyGun Implant\n \u2022 DeadDrop\n \u2022 Demo\n \u2022 Disclosure and Afterthoughts\n \u2022 Full Vulnerabilities List\n\nhttps://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/", "creation_timestamp": "2021-05-27T17:17:10.000000Z"}, {"uuid": "b0ea7789-01ed-472e-a000-0517cbac5dab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28902", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/42", "content": "\"13 Nagios Vulnerabilities, #7 will SHOCK you!\" by Samir Ghanem\n\nGaining access to Nagios XI server results in upstream compromise of management server,  i.e. every other customer monitored. Exploitation facilitated with soygun tool.\n\nContents:\n \u2022 TL;DR\n \u2022 Why Nagios?\n \u2022 What is Nagios?\n \u2022 The Code\n \u2022 Challenge Accepted\n \u2022 What are we trying to achieve?\n \u2022 Step 1: RCE on Nagios XI server from low privilege Nagios XI user (CVE-2020-28648)\n \u2022 Step 2: Elevate privileges to \u2018root\u2019 on Nagios XI server (CVE-2020-28910)\n \u2022 Step 3: Trigger XSS by tainting data returned to Nagios Fusion from XI (CVE-2020-28903)\n \u2022 Step 4: Authenticated remote code execution on Nagios Fusion (CVE-2020-28905)\n \u2022 Step 5: Elevate privileges from apache to root using the \u2018cmd_subsys.php\u2019 (CVE-2020-28902)\n \u2022 Step 6: Get list of \u201cfused\u201d XI servers and exploit them using Step 1 and 2\n \u2022 PoC or Attack Platform\n \u2022 SoyGun\n \u2022 Command & Control (C2)\n \u2022 SoyGun Implant\n \u2022 DeadDrop\n \u2022 Demo\n \u2022 Disclosure and Afterthoughts\n \u2022 Full Vulnerabilities List\n\nhttps://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/", "creation_timestamp": "2021-05-27T17:17:10.000000Z"}]}