CRITICAL🇬🇧 English

CVE-2020-28907

CVSS 9.8v3.1pub. 2021-05-24upd. 2024-11-21

Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Nagios Fusion

    APP
    Nagios
    ≤ 4.1.8
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2020-28902CRITICAL9.8ten sam produkt

Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_su...

CVE-2020-28904CRITICAL9.8ten sam produkt

Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as na...

CVE-2020-28900CRITICAL9.8ten sam produkt

Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earl...

CVE-2020-28901CRITICAL9.8ten sam produkt

Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root...

CVE-2020-28908CRITICAL9.8ten sam produkt

Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.