CRITICAL🇵🇱 Wersja polska

CVE-2020-28900

CVSS 9.8v3.1pub. 2021-05-24upd. 2024-11-21

Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Nagios Fusion

    APP
    Nagios
    ≤ 4.1.8
  • Nagios Xi

    APP
    Nagios
    ≤ 5.7.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-13997CRITICAL9.4PL ✓ten sam produkt

Nagios XI — privilege escalation do root via Migrate Server

CVE-2024-13996CRITICAL9.2PL ✓ten sam produkt

Nagios XI — brak unieważniania sesji po zmianie hasła (CVE-2024-13996)

CVE-2020-36856CRITICAL9.4PL ✓ten sam produkt

Nagios XI — authenticated RCE przez command injection w CCM

CVE-2023-7317CRITICAL9.4PL ✓ten sam produkt

Nagios XI – brak kontroli dostępu w Web SSH Terminal (RCE/ujawnienie danych)

CVE-2024-14003CRITICAL9.4PL ✓ten sam produkt

RCE w Nagios XI poprzez podatność command injection w pluginach NRDP