CVE-2020-36869

7.2 HIGH

📋 TL;DR

Nagios XI versions before 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. This allows authenticated administrators to execute arbitrary SQL commands against the database, potentially leading to data theft, modification, or system compromise. Only users with administrative privileges can exploit this vulnerability.

💻 Affected Systems

Products:
  • Nagios XI
Versions: All versions prior to 5.7.5
Operating Systems: All supported platforms (primarily Linux)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrative access to the SNMP Trap Interface edit page. Default installations with admin accounts are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Administrator account compromise leading to full database takeover, data exfiltration, privilege escalation to the operating system, or complete system compromise.

🟠 Likely Case

A malicious administrator or a compromised admin account uses the SQL injection to read sensitive monitoring data, modify configurations, or disrupt monitoring operations.

🟢 If Mitigated

Limited impact where proper access controls, monitoring, and least-privilege principles restrict administrative access.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrative credentials. SQL injection is straightforward once authenticated to the vulnerable interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.7.5 and later

Vendor Advisory: https://www.nagios.com/changelog/nagios-xi/

Restart Required: No

Instructions:

1. Back up the current configuration and database.
2. Download Nagios XI 5.7.5 or later from the Nagios website.
3. Follow the official upgrade instructions at https://assets.nagios.com/downloads/nagiosxi/docs/Upgrading-Nagios-XI.pdf.
4. Verify that the upgrade completed successfully.

🔧 Temporary Workarounds

Restrict Administrative Access

Applies to: all

Limit administrative account access to trusted users only and implement strong authentication controls.

Network Segmentation

Applies to: all

Isolate the Nagios XI management interface from untrusted networks and implement strict firewall rules.

🧯 If You Can't Patch

  • Implement strict access controls and monitor all administrative activity on Nagios XI
  • Deploy web application firewall (WAF) with SQL injection protection rules

🔍 How to Verify

Check if Vulnerable:

Check Nagios XI version via web interface (Help > About) or command line: cat /usr/local/nagiosxi/var/xiversion

Check Version:

cat /usr/local/nagiosxi/var/xiversion

Verify Fix Applied:

Confirm that the version is 5.7.5 or higher using the same methods. Test that the SNMP Trap Interface edit page still functions.
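The version check above, as an added script that is not part of the advisory and not Nagios code. It reads the /usr/local/nagiosxi/var/xiversion file named above and assumes that file carries a line of the form full=5.7.5 (the key name is an assumption; a bare version string is accepted too), then compares the result against the 5.7.5 fix release as a numeric tuple rather than as a string, so that 5.10.0 is correctly treated as newer than 5.7.5.

```python
"""Compare a Nagios XI version against the 5.7.5 fix for CVE-2020-36869.

Added example, not from the advisory or from Nagios. It assumes the xiversion
file contains a line of the form ``full=5.7.5`` (key name is an assumption);
a bare version string such as "5.7.5" is accepted as well.
"""
import re
import sys
from pathlib import Path

FIXED_VERSION = (5, 7, 5)  # first release with the fix, per the advisory
XIVERSION_PATH = Path("/usr/local/nagiosxi/var/xiversion")  # path named in the advisory


def parse_version(text: str) -> tuple:
    """Return the version as a tuple of ints from xiversion contents or a bare version."""
    m = re.search(r"^full=([\d.]+)", text, re.MULTILINE)  # 'full=' key is an assumption
    version_str = m.group(1) if m else text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", version_str):
        raise ValueError(f"unrecognised version string: {version_str!r}")
    return tuple(int(part) for part in version_str.split("."))


def is_vulnerable(version: tuple) -> bool:
    """True when the version sorts before 5.7.5.

    Numeric tuple comparison avoids the string-comparison trap ("5.10.0" < "5.7.5")
    and treats a truncated "5.7" as pre-fix ((5, 7) < (5, 7, 5)) rather than
    silently passing it.
    """
    return version < FIXED_VERSION


def assess(text: str) -> str:
    """Classify xiversion contents (or a bare version) as 'vulnerable' or 'fixed'."""
    return "vulnerable" if is_vulnerable(parse_version(text)) else "fixed"


if __name__ == "__main__":
    # Usage: python check_xi_version.py [path-to-xiversion]
    path = Path(sys.argv[1]) if len(sys.argv) > 1 else XIVERSION_PATH
    try:
        verdict = assess(path.read_text())
    except (OSError, ValueError) as exc:
        sys.exit(f"could not determine version from {path}: {exc}")
    print(f"{path}: {verdict} (fix is {'.'.join(map(str, FIXED_VERSION))}+)")
```

Run it on the monitoring host itself, or copy the xiversion file from each host into a central location and pass the path as the argument; an unreadable or malformed file exits non-zero rather than reporting "fixed", so an inventory job will not silently mark an unknown host as patched.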

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by successful admin login
  • Unexpected modifications to SNMP trap configurations

Network Indicators:

  • Unusual database connections from Nagios XI server
  • Suspicious HTTP POST requests to /nagiosxi/admin/snmptrap.php

SIEM Query:

source="nagios" AND (uri="/nagiosxi/admin/snmptrap.php" OR sql_query="*SELECT*" OR sql_query="*UNION*")
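The network and log indicators above, as an added detector that is not part of the advisory and not Nagios code. It parses Apache combined-format access-log lines (an assumption about the web server's log format), keeps only requests to the /nagiosxi/admin/snmptrap.php path named above, and flags POSTs, SQL keywords in the URL-decoded request, and non-browser user agents. The sample log lines, including the query-string parameter name, are constructed for illustration and are not real traffic.

```python
"""Flag suspicious requests to the Nagios XI SNMP trap edit page in access logs.

Added example, not part of the advisory and not Nagios code. Assumes Apache
combined log format; all sample lines below are constructed, not real traffic.
"""
import re
from urllib.parse import unquote

# Endpoint named in the advisory as the vulnerable page.
TRAP_EDIT_PATH = "/nagiosxi/admin/snmptrap.php"

# SQL keywords that have no business appearing in a request to this page.
SQL_MARKERS = re.compile(r"\b(UNION|SELECT|INSERT|UPDATE|DELETE|DROP)\b", re.IGNORECASE)

# Apache combined log format: ip ident user [ts] "method uri proto" status bytes "referer" "ua"
ACCESS_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample lines (parameter name 'id' is made up for the example).
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - admin [12/Oct/2020:10:01:12 +0000] "GET /nagiosxi/admin/snmptrap.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.5 - admin [12/Oct/2020:10:01:40 +0000] "POST /nagiosxi/admin/snmptrap.php HTTP/1.1" 302 311 "-" "Mozilla/5.0"',
    '10.0.0.9 - admin [12/Oct/2020:10:02:03 +0000] "POST /nagiosxi/admin/snmptrap.php?id=3%27%20UNION%20SELECT HTTP/1.1" 200 5120 "-" "python-requests/2.24"',
    '10.0.0.7 - jsmith [12/Oct/2020:10:03:00 +0000] "GET /nagiosxi/index.php HTTP/1.1" 200 8192 "-" "Mozilla/5.0"',
]


def classify_access_line(line: str):
    """Return a finding dict for a suspicious request to the trap edit page, else None."""
    m = ACCESS_LINE.match(line)
    if not m:
        return None  # not a combined-format line; leave it to other parsers
    f = m.groupdict()
    path = f["uri"].split("?", 1)[0]
    if path != TRAP_EDIT_PATH:
        return None

    reasons = []
    if f["method"] == "POST":
        reasons.append("POST to SNMP trap edit page")
    # Decode percent-encoding so 'UNION%20SELECT' is seen as 'UNION SELECT'.
    if SQL_MARKERS.search(unquote(f["uri"])):
        reasons.append("SQL keyword in request URI")
    if not f["ua"].startswith("Mozilla"):
        reasons.append("non-browser user agent")
    if not reasons:
        return None  # plain browser GET of the page: normal admin activity

    severity = "high" if any("SQL keyword" in r for r in reasons) else "low"
    return {"ts": f["ts"], "ip": f["ip"], "user": f["user"],
            "severity": severity, "reasons": reasons}


def scan(lines):
    """Run the classifier over an iterable of log lines and collect findings."""
    return [hit for hit in map(classify_access_line, lines) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_ACCESS_LOG):
        print(f"[{hit['severity']}] {hit['ts']} {hit['ip']} user={hit['user']}: "
              + "; ".join(hit["reasons"]))
```

Two points that the SIEM query above glosses over: Nagios XI issues SELECT statements continuously, so matching every query containing SELECT in database logs will page on normal operation; keying on the edit endpoint plus UNION or other out-of-place keywords, and on who issued the request, gives a far better signal. Also, because only administrators can reach this page, every finding maps to a named admin account, which is what makes the "unexpected modifications" indicator actionable: correlate the hit with the change-management record for that account.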
