CVE-2020-36859

8.8 HIGH

📋 TL;DR

CVE-2020-36859 is an SQL injection in the Core Config Manager (CCM) of Nagios XI: an authenticated user with CCM access can inject SQL through the object edit pages and read or alter the configuration database. Successful exploitation leads to disclosure of configuration data and any secrets it holds, and to unauthorized modification of monitoring configuration. Nagios XI releases before 5.7.4 (Core Config Manager before 3.0.7) are affected.

💻 Affected Systems

Products:
  • Nagios XI
Versions: Nagios XI versions prior to 5.7.4, Core Config Manager versions prior to 3.0.7
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to the Core Config Manager interface.

📦 What is this software?

Nagios XI is the commercial monitoring platform from Nagios Enterprises, built on Nagios Core. The Core Config Manager (CCM) is its web interface for creating and editing the monitored objects (hosts, services, contacts, commands, time periods and so on) that are then written out as Nagios Core configuration; it derives from the NagiosQL project and keeps those objects in its own MySQL/MariaDB database. Any Nagios XI user who has been granted CCM access can reach the object edit pages affected here.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full read/write access to the CCM database: disclosure of the entire monitoring configuration, including any secrets it holds, silent tampering with checks and notifications, and, depending on the privileges of the application's database account and where the database host sits, a foothold for lateral movement.

🟠 Likely Case

Extraction of credentials stored in the configuration (typically passwords and SNMP community strings passed as check command arguments), and edits to alert and notification settings that suppress the alarms an intruder would otherwise trigger.

🟢 If Mitigated

Limited impact: a least-privilege database account confines what injected SQL can do, restricting CCM to a small administrator group shrinks the pool of accounts that can reach the flaw, and network segmentation keeps the database host from serving as a pivot.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a valid Nagios XI login with CCM access, but nothing more: once authenticated, the injection is a matter of tampering with the parameters an object edit page already accepts, so any low-privilege CCM user, or an attacker holding stolen or phished credentials, can exploit it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Nagios XI 5.7.4 or Core Config Manager 3.0.7

Vendor Advisory: https://www.nagios.com/changelog/nagios-xi/

Restart Required: Yes

Instructions:

1. Back up the current Nagios XI installation (including the databases).
2. Download Nagios XI 5.7.4 or later from the Nagios website.
3. Follow the Nagios XI upgrade documentation.
4. Restart the Nagios services after the upgrade.

🔧 Temporary Workarounds

Web Application Firewall (applies to: all)

Deploy WAF rules that inspect POST requests to the CCM object edit pages for SQL injection patterns. Treat this as a stopgap: signature rules can be evaded with encoding and comment tricks, and they do not correct the unsafe query construction that the patch removes.

Restrict Access to Core Config Manager (applies to: all)

Limit the CCM interface to the administrators who need it, using network ACLs or an authenticating proxy, and grant CCM access only to Nagios XI accounts that require it. The flaw is reachable by any authenticated CCM user, so reducing that population is the most direct control short of patching.

🧯 If You Can't Patch

  • Run the CCM application against a database account holding only the privileges it needs on its own database (no FILE, no SUPER, no grants on other schemas). Note the limit of this control: injected SQL runs with whatever that account can do, and CCM legitimately reads and writes the configuration tables, so a restricted account blocks file access and cross-database pivoting but not tampering with the configuration itself.
  • Segment the network so the Nagios XI database is reachable only from the Nagios XI host, keeping a compromised database from becoming a route to other systems.

🔍 How to Verify

Check if Vulnerable:

Compare the installed release to the fixed one: Nagios XI older than 5.7.4 (shipping Core Config Manager older than 3.0.7) is vulnerable. The version is shown in the web UI under Admin > System Config > About, or on the server with the command below.

Check Version:

cat /usr/local/nagiosxi/var/xiversion

Verify Fix Applied:

The version reported must be 5.7.4 or later. The fixed CCM is bundled with that XI release, so the XI version is the authoritative check; re-run it after the upgrade and confirm the Nagios services came back after the required restart.
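The following script is an added example, not code from Nagios or from this page: it reads the xiversion file at the path given above and decides whether the host is below the fixed release, comparing version components numerically so that a release such as 5.7.10 is not mistaken for an older one. It assumes (this is not stated on the page) that xiversion is a key=value file whose `full=` line carries the dotted release, e.g. `full=5.7.3`; when the file is absent it falls back to a constructed sample so it can be run anywhere.

```python
"""Added example (not Nagios code): decide whether a Nagios XI host is at or
above the release that fixes CVE-2020-36859 by parsing its xiversion file.

Assumption (not from the page): xiversion is a key=value file whose "full="
line carries the dotted release, e.g. "full=5.7.3". The path below is the one
the page gives.
"""
import re
from pathlib import Path

XIVERSION_PATH = Path("/usr/local/nagiosxi/var/xiversion")
FIXED_VERSION = "5.7.4"  # Nagios XI release that ships the fixed CCM (3.0.7)

# Constructed sample of the assumed file format, used when run stand-alone
# on a host that is not a Nagios XI server.
SAMPLE_XIVERSION = """full=5.7.3
major=5
minor=7
release=3
"""


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '5.7.3' (or '5.7.4rc1', dropping the suffix) into (5, 7, 3)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"not a dotted version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def installed_version(xiversion_text: str) -> str:
    """Extract the value of the 'full=' line from xiversion contents."""
    for line in xiversion_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "full":
            return value.strip()
    raise ValueError("no 'full=' line found in xiversion")


def is_vulnerable(xiversion_text: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed release is older than the fixed release.

    Components are compared as integers so 5.7.10 sorts after 5.7.4; a plain
    string comparison would rank it as older and report a false positive.
    """
    have = parse_version(installed_version(xiversion_text))
    need = parse_version(fixed)
    # Pad the shorter tuple with zeros so '5.8' compares as 5.8.0.
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return have < need


def main() -> None:
    if XIVERSION_PATH.is_file():
        text = XIVERSION_PATH.read_text()
        source = str(XIVERSION_PATH)
    else:
        text = SAMPLE_XIVERSION
        source = "constructed sample (xiversion not present on this host)"
    state = "VULNERABLE" if is_vulnerable(text) else "fixed"
    print(f"{source}: Nagios XI {installed_version(text)} -> {state} "
          f"(fixed in {FIXED_VERSION})")


if __name__ == "__main__":
    main()
```

Run it on the Nagios XI host itself; a result of VULNERABLE means the upgrade in the Fix section is still outstanding.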

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL statements against the CCM database (requires the MySQL/MariaDB general query log or a query-audit plugin, which are off by default)
  • Multiple failed login attempts followed by CCM access from the same source
  • Unexpected configuration changes recorded for object edits, especially to contacts, notification settings or check commands

Network Indicators:

  • Unusual database connection patterns from the Nagios XI server
  • SQL error messages in HTTP responses from CCM pages

SIEM Query (a template; adjust the source and field names to your platform):

source="nagios_logs" AND ("SQL syntax" OR "unexpected character" OR "object edit")
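As an added example, not code from the page or from Nagios, the detector below runs the indicators above over Apache access-log lines and flags requests to CCM object edit pages whose parameters carry SQL metacharacters or keywords, whose `id`-style parameter is not a plain integer, or that ended in a 5xx response (a common tell for a syntax error raised by the injected SQL). It assumes (not from the page) that the logs are in Apache "combined" format, that CCM is served under /nagiosxi/includes/components/ccm/, and that the parameter names cmd, type and id in the constructed sample lines are representative.

```python
"""Added example (not Nagios or vendor code): first-pass detector for
CVE-2020-36859 exploitation attempts against CCM object edit pages, run over
Apache access-log lines.

Assumptions (not from the page): Apache "combined" log format; CCM is served
under /nagiosxi/includes/components/ccm/; the parameter names cmd/type/id in
the constructed sample are illustrative.
"""
import re
from urllib.parse import parse_qs, urlsplit

CCM_PREFIX = "/nagiosxi/includes/components/ccm/"

# Apache combined log format: ip ident user [time] "method target proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?\s*$'
)

# Cheap SQL-injection indicators; applied to decoded parameter values.
SQLI_RE = re.compile(
    r"""['";]|--|/\*|\bor\b\s+\d+\s*=\s*\d+|\bunion\s+(?:all\s+)?select\b"""
    r"""|\b(?:sleep|benchmark)\s*\(|information_schema""",
    re.IGNORECASE,
)

# Parameters an object edit page treats as integer keys (assumption).
NUMERIC_PARAMS = {"id"}

# Constructed sample traffic: a normal edit, an injection attempt that drew a
# 500, a normal POST edit, and an unrelated request outside CCM.
SAMPLE_LOG = """
10.0.0.5 - - [12/Oct/2020:14:03:11 +0000] "GET /nagiosxi/includes/components/ccm/index.php?cmd=modify&type=host&id=12 HTTP/1.1" 200 18422 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Oct/2020:14:05:42 +0000] "GET /nagiosxi/includes/components/ccm/index.php?cmd=modify&type=host&id=12%27%20OR%201%3D1-- HTTP/1.1" 500 1211 "-" "python-requests/2.24"
10.0.0.9 - - [12/Oct/2020:14:05:43 +0000] "POST /nagiosxi/includes/components/ccm/index.php?cmd=modify&type=service HTTP/1.1" 200 18021 "-" "python-requests/2.24"
10.0.0.7 - - [12/Oct/2020:14:06:00 +0000] "GET /nagiosxi/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
""".strip().splitlines()


def parse_line(line: str):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qs percent-decodes, so %27 becomes a literal quote before matching.
    rec["params"] = parse_qs(parts.query, keep_blank_values=True)
    return rec


def assess(rec: dict) -> list:
    """Return the reasons a parsed request looks like a CCM injection attempt."""
    reasons = []
    if not rec["path"].startswith(CCM_PREFIX):
        return reasons  # only CCM pages are in scope
    for name, values in rec["params"].items():
        for value in values:
            if SQLI_RE.search(value):
                reasons.append(f"sqli-pattern in {name}={value!r}")
            if name in NUMERIC_PARAMS and not value.isdigit():
                reasons.append(f"non-numeric {name}={value!r}")
    if 500 <= rec["status"] < 600:
        reasons.append(f"server error {rec['status']} on CCM page")
    return reasons


def find_suspicious(lines) -> list:
    """Return one finding per log line that triggers at least one rule."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = assess(rec)
        if reasons:
            findings.append({"ip": rec["ip"], "time": rec["time"],
                             "method": rec["method"], "path": rec["path"],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['method']} {f['path']}")
        for reason in f["reasons"]:
            print("   -", reason)
```

Two caveats for production use. Access logs carry only the query string, and CCM edits are form POSTs, so the injected parameter will usually be in the request body; to see it, enable request-body audit logging in ModSecurity (or an equivalent reverse proxy) and watch the Apache error log for MySQL syntax-error text ("You have an error in your SQL syntax"), where PHP database errors tend to surface. The quote and semicolon rules will also fire on legitimate free-text fields such as service descriptions, so tune them to the identifier-style parameters of your install before alerting on them.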
