Cyber Posture

CVE-2020-36859

High · Public PoC

Published: 30 October 2025
Modified: 06 November 2025
KEV Added: not listed
Patch: available (Nagios XI 5.7.4 / CCM 3.0.7 or later)
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0111 (78.3rd percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2020-36859 is a high-severity SQL Injection (CWE-89) vulnerability in Nagios XI. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 21.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and one other technique (T1213.006, Databases). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent · SI-10 Information Input Validation: Directly mitigates SQL injection by requiring validation and error handling of unsanitized user-supplied input before it is incorporated into the SQL queries behind the object edit pages.

prevent · SI-2 Flaw Remediation: Requires timely identification, reporting, and correction of flaws such as the SQL injection vulnerabilities in Core Config Manager, which in practice means upgrading to the patched versions.

prevent: Enforces input restrictions at application boundaries to block malicious SQL fragments submitted by authenticated users through the object edit pages.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1213.006 Databases Collection
Adversaries may leverage databases to mine valuable information.
Why these techniques?

SQL injection enables exploitation for privilege escalation (T1068) from low privileges to broader compromise and data collection/modification from databases (T1213.006).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to inject SQL fragments. Successful exploitation could lead to unauthorized disclosure or modification of configuration and application data, and in some environments could allow further compromise of the application or backend database.

Deeper analysis

CVE-2020-36859 is a set of multiple SQL injection vulnerabilities (CWE-89) affecting the Core Config Manager (CCM) component in Nagios XI versions prior to CCM 3.0.7 and Nagios XI 5.7.4. The flaws reside in the object edit pages, where unsanitized user-supplied input is directly incorporated into SQL queries executed by configuration object editors. This allows attackers to inject malicious SQL fragments. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact across confidentiality, integrity, and availability.

Authenticated users with low privileges can exploit these vulnerabilities remotely over the network with low complexity and no user interaction required. Successful exploitation enables unauthorized disclosure or modification of configuration and application data stored in the database. In certain environments, this could escalate to broader compromise of the Nagios XI application or the underlying backend database.

Mitigation involves upgrading to CCM 3.0.7 or Nagios XI 5.7.4 or later, as indicated by the affected version boundaries. Additional details on patches and remediation are available in the Nagios XI changelog at https://www.nagios.com/changelog/nagios-xi/ and the Vulncheck advisory at https://www.vulncheck.com/advisories/nagios-xi-ccm-sqli-via-object-edit-pages.
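The bug class described above, as an added example that is not Nagios XI or CCM code: a Python/SQLite stand-in for a configuration object editor that concatenates request parameters into its SQL, the two payloads a low-privilege authenticated user could send to read another table and to overwrite every object, and the SI-10 style fix (allowlist-validate the object id, bind every value as a query parameter). The tables, columns, and payloads are constructed for the example and do not reflect the real CCM schema.

```python
# Added example, not Nagios XI / CCM code. Reproduces the advisory's bug class
# (request parameters concatenated into the SQL behind a configuration object
# editor) against an in-memory SQLite database, then shows the fix: validate
# the identifier against an allowlist and bind every value as a parameter.
# Table and column names are hypothetical.
import re
import sqlite3

# Constructed sample data standing in for monitored-host config objects and
# the application's user table (the "other" table an injection can reach).
SCHEMA = """
CREATE TABLE hosts (id INTEGER PRIMARY KEY, name TEXT, address TEXT);
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT);
INSERT INTO hosts VALUES (1, 'web01', '10.0.0.10'), (2, 'db01', '10.0.0.20');
INSERT INTO users VALUES (1, 'admin', 'admin'), (2, 'readonly', 'viewer');
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def all_hosts(conn):
    return conn.execute("SELECT id, name, address FROM hosts ORDER BY id").fetchall()


# --- vulnerable editor: the request parameter lands inside the SQL text ---

def load_host_vulnerable(conn, host_id):
    sql = "SELECT id, name, address FROM hosts WHERE id = " + str(host_id)
    return conn.execute(sql).fetchall()


def save_host_vulnerable(conn, host_id, address):
    sql = "UPDATE hosts SET address = '%s' WHERE id = %s" % (address, host_id)
    conn.execute(sql)
    return all_hosts(conn)


# --- hardened editor: validate the id, bind every value ---

ID_RE = re.compile(r"[0-9]{1,10}")


def require_id(value):
    # An object id is only ever a small positive integer; reject anything else
    # before it gets anywhere near the query (SI-10 style input validation).
    if not ID_RE.fullmatch(str(value)):
        raise ValueError("invalid object id: %r" % (value,))
    return int(value)


def load_host_fixed(conn, host_id):
    oid = require_id(host_id)
    return conn.execute("SELECT id, name, address FROM hosts WHERE id = ?", (oid,)).fetchall()


def save_host_fixed(conn, host_id, address):
    oid = require_id(host_id)
    # The address travels as a bound parameter, so quotes inside it are data.
    conn.execute("UPDATE hosts SET address = ? WHERE id = ?", (address, oid))
    return all_hosts(conn)


# Constructed injection payloads: the first appends a second SELECT to read the
# user table (confidentiality), the second rewrites the SET clause and
# comments out the WHERE so every host row is modified (integrity).
READ_PAYLOAD = "1 UNION ALL SELECT id, username, role FROM users"
WRITE_PAYLOAD = "x', name = 'pwned' WHERE 1=1 --"


def demo():
    conn = make_db()
    leaked = load_host_vulnerable(conn, READ_PAYLOAD)          # host row plus user table
    clobbered = save_host_vulnerable(conn, 1, WRITE_PAYLOAD)   # every host renamed
    conn = make_db()
    safe = save_host_fixed(conn, 1, WRITE_PAYLOAD)             # only host 1 touched, payload stored as text
    return leaked, clobbered, safe


if __name__ == "__main__":
    leaked, clobbered, safe = demo()
    print("vulnerable SELECT returned:", leaked)
    print("vulnerable UPDATE left hosts as:", clobbered)
    print("fixed UPDATE left hosts as:", safe)
```

Note that the fixed `load_host_fixed` rejects the read payload outright rather than quoting it: for an identifier that can only ever be an integer, an allowlist check fails closed and gives the application a clean error path, while parameter binding protects free-text fields such as the address without having to enumerate what a "bad" string looks like.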

Details

CWE(s): CWE-89 (SQL Injection)

Affected Products

nagios / nagios xi: ≤ 5.7.4 as listed here; note that the NVD description above gives the affected range as versions prior to Nagios XI 5.7.4 / CCM 3.0.7, with 5.7.4 being the release to upgrade to.

CVEs Like This One

CVE-2021-47693 (same product: Nagios XI)
CVE-2012-10063 (same product: Nagios XI)
CVE-2016-15050 (same product: Nagios XI)
CVE-2025-67255 (same product: Nagios XI)
CVE-2018-25122 (same product: Nagios XI)
CVE-2013-10073 (same product: Nagios XI)
CVE-2026-2042 (same product: Nagios XI)
CVE-2024-13986 (same product: Nagios XI)
CVE-2024-13996 (same product: Nagios XI)
CVE-2024-13999 (same product: Nagios XI)

References