OVERVIEW

• Palo Alto’s Unit 42 researchers observed an attacker targeting Nagios XI software to exploit the remote command injection vulnerability, CVE-2021-25296, impacting Nagios XI version 5.7.5

• The vulnerability is being abused to deploy the XMRig coinminer on victim’s devices.

• Nagios is the industry standard in network monitoring. Nagios XI provides monitoring of all mission-critical infrastructure components including applications, services, operating systems, network protocols, systems metrics, and network infrastructure.

• It is used by organizations in nearly every industry including education, healthcare, government, and Fortune 100 corporations.