Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNagios Fusion
APPNagios≤ 4.1.8Nagios Xi
APPNagios≤ 5.7.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References
Related vulnerabilities
CVE-2024-13997CRITICAL9.4PL ✓ten sam produkt
Nagios XI — privilege escalation do root via Migrate Server
CVE-2024-13996CRITICAL9.2PL ✓ten sam produkt
Nagios XI — brak unieważniania sesji po zmianie hasła (CVE-2024-13996)
CVE-2020-36856CRITICAL9.4PL ✓ten sam produkt
Nagios XI — authenticated RCE przez command injection w CCM
CVE-2023-7317CRITICAL9.4PL ✓ten sam produkt
Nagios XI – brak kontroli dostępu w Web SSH Terminal (RCE/ujawnienie danych)
CVE-2024-14003CRITICAL9.4PL ✓ten sam produkt
RCE w Nagios XI poprzez podatność command injection w pluginach NRDP