Attackers have been targeting a remote command execution vulnerability (CVE-2021-25296) in Nagios XI software to deploy a cryptominer.
• Palo Alto’s Unit 42 researchers observed an attacker targeting Nagios XI software to exploit the remote command injection vulnerability, CVE-2021-25296, which impacts Nagios XI version 5.7.5.
• The vulnerability is being abused to deploy the XMRig coinminer on victims’ devices.
• Nagios is the industry standard in network monitoring. Nagios XI provides monitoring of all mission-critical infrastructure components including applications, services, operating systems, network protocols, systems metrics, and network infrastructure.
• It is used by organizations in nearly every industry including education, healthcare, government, and Fortune 100 corporations.