CRITICAL🇵🇱 Wersja polska

CVE-2020-28907

CVSS 9.8v3.1pub. 2021-05-24upd. 2024-11-21

Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Nagios Fusion

    APP
    Nagios
    ≤ 4.1.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2020-28902CRITICAL9.8ten sam produkt

Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_su...

CVE-2020-28904CRITICAL9.8ten sam produkt

Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as na...

CVE-2020-28900CRITICAL9.8ten sam produkt

Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earl...

CVE-2020-28901CRITICAL9.8ten sam produkt

Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root...

CVE-2020-28908CRITICAL9.8ten sam produkt

Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.