CVE-2020-36856
Published: 30 October 2025
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2020-36856 is an authenticated remote command execution vulnerability affecting Nagios XI versions prior to 5.6.14. The issue resides in the Core Config Manager (CCM) component's command_test.php script, where insufficient validation of the `address` parameter permits an attacker to inject shell metacharacters. These metacharacters are incorporated into backend command invocations, classified under CWE-78 (OS Command Injection), with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An authenticated user with access to the Core Config Manager can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation allows arbitrary command execution with the privileges of the Nagios XI web application user, enabling attackers to run commands on the underlying host, modify system configurations, or achieve full host compromise.
Nagios advisories recommend upgrading to Nagios XI version 5.6.14 or later to mitigate the vulnerability, as detailed in the official changelog and security product pages. Additional analysis is available from VulnCheck, which covers the authenticated RCE via the command_test.php address parameter.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables authenticated remote command execution via OS command injection (CWE-78) in a web application component, directly facilitating exploitation of remote services (T1210) and execution via Unix Shell (T1059.004).