CVE-2026-2041
Nagios · Nagios (zabbixagent_configwizard_func)
A command injection vulnerability in the Nagios zabbixagent_configwizard_func component allows for remote code execution on the monitoring host.
Executive summary
A high-severity command injection flaw in a Nagios configuration wizard could allow remote attackers to execute arbitrary code and seize control of the monitoring server.
Vulnerability
The vulnerability exists in the zabbixagent_configwizard_func function. Inadequate input validation allows an attacker to inject shell commands into the configuration process. While the JSON lists "ABB" as the vendor, the technical description points directly to a Nagios component. Such wizards typically run with elevated privileges.
Business impact
Remote Code Execution (RCE) on a monitoring server is catastrophic, as these systems often have extensive reach into the rest of the network. An attacker could use the compromised Nagios server to pivot to other systems, steal credentials, or disrupt infrastructure monitoring. The CVSS score of 7.2 indicates a High severity risk that directly threatens the entire IT environment.
Remediation
Immediate Action: Apply security patches for Nagios and the affected configuration wizard immediately. If the wizard is not in active use, disable or remove it from the system.
Proactive Monitoring: Check for unusual child processes spawning from the Nagios web service and review network traffic for unauthorized outbound connections from the monitoring host.
Compensating Controls: Restrict access to the Nagios administrative interface to specific IP addresses via a management VPN or firewall and use a WAF to filter malicious command strings.
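One way to run the child-process check from the Proactive Monitoring step, as an added example rather than vendor or Nagios code: it walks the parent chain of every process in a `ps` snapshot and flags shells and network tools that descend from the web service. The web service process names, the list of tools treated as unusual, and the sample snapshot are assumptions constructed for illustration.

```python
# Assumed names (not from the advisory): tune both sets for the monitored host.
WEB_PARENTS = {"apache2", "httpd", "php-fpm"}
SUSPICIOUS = {"sh", "bash", "dash", "nc", "ncat", "curl", "wget", "perl", "python3"}
# Constructed snapshot in the column order of `ps -eo pid,ppid,user,comm,args`.
SAMPLE_PS = """\
  PID  PPID USER     COMMAND  COMMAND
    1     0 root     systemd  /sbin/init
  810     1 root     apache2  apache2 -k start
  815   810 www-data apache2  apache2 -k start
  900     1 root     sshd     sshd -D
  905   900 admin    bash     -bash
 2301   815 www-data sh       sh -c (constructed)
 2302  2301 www-data curl     curl (constructed)
"""

def parse_ps(text):
    """Map pid -> process record, skipping the header and blank lines."""
    procs = {}
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) < 4 or not parts[0].isdigit():
            continue
        pid = int(parts[0])
        procs[pid] = {"pid": pid, "ppid": int(parts[1]), "comm": parts[3]}
    return procs

def web_ancestor(procs, pid):
    """Return the pid of the nearest web-server ancestor, or None."""
    seen, cur = set(), procs.get(pid)
    while cur and cur["pid"] not in seen:  # seen guards against ppid loops
        seen.add(cur["pid"])
        parent = procs.get(cur["ppid"])
        if parent and parent["comm"] in WEB_PARENTS:
            return parent["pid"]
        cur = parent
    return None

def find_suspicious(procs):
    """List (pid, comm, web_ancestor_pid) for unusual tools under the web service."""
    hits = []
    for pid, proc in sorted(procs.items()):
        anc = web_ancestor(procs, pid) if proc["comm"] in SUSPICIOUS else None
        if anc is not None:
            hits.append((pid, proc["comm"], anc))
    return hits

if __name__ == "__main__":
    for pid, comm, anc in find_suspicious(parse_ps(SAMPLE_PS)):
        print(f"ALERT pid={pid} comm={comm} descends from web service pid={anc}")
```

The interactive `bash` under `sshd` is not flagged because only descendants of the web service are considered; legitimate helper scripts started by the web service need an allowlist before this is used for alerting.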
Exploitation status
Public Exploit Available: false
Analyst recommendation
Apply the primary vendor patch immediately. Because monitoring systems are critical infrastructure, they must be hardened beyond just patching. Ensure that the Nagios web interface is not exposed to the public internet and that all administrative actions are strictly logged and audited.