CVE-2023-53948

CriticalPublic PoC

Published: 19 December 2025

Published

19 December 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0048 65.0th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the autodiscovery feature that allows attackers to inject arbitrary commands. Attackers can exploit the lack of input filtering in the nmap_binary parameter to execute a reverse shell by sending…

a crafted POST request to the autodiscovery endpoint.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly addresses the lack of input filtering on the nmap_binary parameter by requiring validation of user-supplied inputs to prevent command injection and arbitrary code execution.

SI-2 Flaw Remediation good match

prevent

Ensures timely identification, reporting, and remediation of the specific RCE flaw in Lilac-Reloaded version 2.0.8, preventing exploitation through patching or compensating controls.

AC-6 Least Privilege partial match

prevent

Enforces least privilege on the process handling the autodiscovery endpoint, limiting the impact and scope of arbitrary command execution even if injection occurs.

Security SummaryAI

CVE-2023-53948 is a remote code execution vulnerability (CWE-78) in Lilac-Reloaded for Nagios version 2.0.8. The flaw exists in the autodiscovery feature due to a lack of input filtering on the nmap_binary parameter, enabling attackers to inject arbitrary commands.

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity by sending a crafted POST request to the autodiscovery endpoint. Successful exploitation allows execution of arbitrary commands, such as establishing a reverse shell, resulting in high impacts on confidentiality, integrity, and availability as reflected in the CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Advisories from VulnCheck detail the remote code execution via autodiscovery, while Exploit-DB hosts a proof-of-concept exploit (ID 51374), and the Nagios Exchange page provides information on the affected Lilac-Reloaded addon. Security practitioners should review these references for mitigation recommendations and updates.

Details

CWE(s): CWE-78

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

Why these techniques?

CVE-2023-53948 enables remote code execution through OS command injection in a public-facing Nagios plugin's autodiscovery endpoint, directly facilitating T1190 (Exploit Public-Facing Application) for initial access and T1059.004 (Unix Shell) for arbitrary command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://exchange.nagios.org/directory/addons/configuration/lilac-2dreloaded/details/
disclosure@vulncheck.com
https://www.exploit-db.com/exploits/51374
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/lilac-reloaded-for-nagios-remote-code-execution-via-autodiscovery
disclosure@vulncheck.com