Vulnerabilites related to nagios - fusion
Vulnerability from fkie_nvd
Published
2021-05-24 13:15
Modified
2024-11-21 05:23
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php.
References
cve@mitre.orghttp://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttps://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/Exploit, Third Party Advisory
cve@mitre.orghttps://www.nagios.com/downloads/nagios-xi/change-log/Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.nagios.com/downloads/nagios-xi/change-log/Release Notes, Vendor Advisory
Impacted products
Vendor Product Version
nagios fusion *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nagios:fusion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "733C0375-EFE2-43AF-9C99-4A50322D1B09",
              "versionEndIncluding": "4.1.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php."
    },
    {
      "lang": "es",
      "value": "Un Control de Acceso Incorrecto en Nagios Fusion versiones 4.1.8 y anteriores, permite a usuarios autenticados pocos privilegiados extraer las contrase\u00f1as usadas para administrar servidores fusionados por medio del comando test_server en el archivo ajaxhelper.php"
    }
  ],
  "id": "CVE-2020-28911",
  "lastModified": "2024-11-21T05:23:16.690",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-24T13:15:08.313",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-922"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-05-24 13:15
Modified
2024-11-21 05:23
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination.
References
cve@mitre.orghttp://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttps://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/Exploit, Third Party Advisory
cve@mitre.orghttps://www.nagios.com/downloads/nagios-xi/change-log/Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.nagios.com/downloads/nagios-xi/change-log/Release Notes, Vendor Advisory
Impacted products
Vendor Product Version
nagios fusion *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nagios:fusion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "733C0375-EFE2-43AF-9C99-4A50322D1B09",
              "versionEndIncluding": "4.1.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination."
    },
    {
      "lang": "es",
      "value": "Una Comprobaci\u00f3n Inapropiada de la Entrada en Nagios Fusion versiones 4.1.8 y  anteriores, permite a un atacante autenticado ejecutar c\u00f3digo remoto por medio de una paginaci\u00f3n de tabla"
    }
  ],
  "id": "CVE-2020-28905",
  "lastModified": "2024-11-21T05:23:15.807",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-24T13:15:07.990",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-05-24 13:15
Modified
2024-11-21 05:23
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.
References
cve@mitre.orghttp://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttps://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/Exploit, Third Party Advisory
cve@mitre.orghttps://www.nagios.com/downloads/nagios-xi/change-log/Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.nagios.com/downloads/nagios-xi/change-log/Release Notes, Vendor Advisory
Impacted products
Vendor Product Version
nagios fusion *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nagios:fusion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "733C0375-EFE2-43AF-9C99-4A50322D1B09",
              "versionEndIncluding": "4.1.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios."
    },
    {
      "lang": "es",
      "value": "Una Inyecci\u00f3n de Comandos en Nagios Fusion versiones 4.1.8 y  anteriores, permite una Escalada de Privilegios en nagios"
    }
  ],
  "id": "CVE-2020-28908",
  "lastModified": "2024-11-21T05:23:16.243",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-24T13:15:08.090",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-05-24 13:15
Modified
2024-11-21 05:23
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh.
References
cve@mitre.orghttp://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttps://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/Exploit, Third Party Advisory
cve@mitre.orghttps://www.nagios.com/downloads/nagios-xi/change-log/Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.nagios.com/downloads/nagios-xi/change-log/Release Notes, Vendor Advisory
Impacted products
Vendor Product Version
nagios fusion *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nagios:fusion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "733C0375-EFE2-43AF-9C99-4A50322D1B09",
              "versionEndIncluding": "4.1.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh."
    },
    {
      "lang": "es",
      "value": "Una comprobaci\u00f3n incorrecta del certificado SSL en Nagios Fusion versiones 4.1.8 y anteriores, permite una Escalada de Privilegios o una Ejecuci\u00f3n de C\u00f3digo como root por medio de vectores relacionados con la descarga de un paquete de actualizaci\u00f3n que no es confiable en upgrade_to_latest.sh"
    }
  ],
  "id": "CVE-2020-28907",
  "lastModified": "2024-11-21T05:23:16.097",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-24T13:15:08.057",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-05-24 13:15
Modified
2024-11-21 05:23
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scripts executed by root.
References
cve@mitre.orghttp://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttps://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/Third Party Advisory
cve@mitre.orghttps://www.nagios.com/downloads/nagios-xi/change-log/Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.nagios.com/downloads/nagios-xi/change-log/Release Notes, Vendor Advisory
Impacted products
Vendor Product Version
nagios fusion *
nagios nagios_xi *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nagios:fusion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "733C0375-EFE2-43AF-9C99-4A50322D1B09",
              "versionEndIncluding": "4.1.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D5C6C8F-F712-47A2-80E8-39F49D531C6F",
              "versionEndIncluding": "5.7.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scripts executed by root."
    },
    {
      "lang": "es",
      "value": "Los Permisos de Archivo Incorrectos en Nagios XI versiones 5.7.5 y anteriores y Nagios Fusion versiones 4.1.8 y anteriores, permiten una Escalada de Privilegios a root.\u0026#xa0;Los usuarios pocos privilegiados pueden modificar archivos que son incluidos (tambi\u00e9n se conoce como de origen) mediante scripts ejecutados por root"
    }
  ],
  "id": "CVE-2020-28906",
  "lastModified": "2024-11-21T05:23:15.953",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-24T13:15:08.027",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-05-24 13:15
Modified
2024-11-21 05:23
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php.
References
cve@mitre.orghttp://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttps://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/Exploit, Third Party Advisory
cve@mitre.orghttps://www.nagios.com/downloads/nagios-xi/change-log/Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.nagios.com/downloads/nagios-xi/change-log/Release Notes, Vendor Advisory
Impacted products
Vendor Product Version
nagios fusion *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nagios:fusion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "733C0375-EFE2-43AF-9C99-4A50322D1B09",
              "versionEndIncluding": "4.1.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php."
    },
    {
      "lang": "es",
      "value": "Una Inyecci\u00f3n de Comandos en Nagios Fusion versiones 4.1.8 y  anteriores, permite la escalada de privilegios de apache a root en el archivo cmd_subsys.php"
    }
  ],
  "id": "CVE-2020-28902",
  "lastModified": "2024-11-21T05:23:15.380",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-24T13:15:07.677",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-05-24 13:15
Modified
2024-11-21 05:23
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php.
References
cve@mitre.orghttp://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttps://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/Exploit, Third Party Advisory
cve@mitre.orghttps://www.nagios.com/downloads/nagios-xi/change-log/Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.nagios.com/downloads/nagios-xi/change-log/Release Notes, Vendor Advisory
Impacted products
Vendor Product Version
nagios fusion *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nagios:fusion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "733C0375-EFE2-43AF-9C99-4A50322D1B09",
              "versionEndIncluding": "4.1.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php."
    },
    {
      "lang": "es",
      "value": "Una Inyecci\u00f3n de Comandos en Nagios Fusion versiones 4.1.8 y anteriores, permite la Escalada de Privilegios o una Ejecuci\u00f3n de C\u00f3digo como root por medio de vectores relacionados con la instalaci\u00f3n de componentes corruptos en el archivo cmd_subsys.php"
    }
  ],
  "id": "CVE-2020-28901",
  "lastModified": "2024-11-21T05:23:15.240",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-24T13:15:07.650",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-05-24 13:15
Modified
2024-11-21 05:23
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileges users are able to modify files that can be executed by sudo.
References
cve@mitre.orghttp://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttps://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/Exploit, Third Party Advisory
cve@mitre.orghttps://www.nagios.com/downloads/nagios-xi/change-log/Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.nagios.com/downloads/nagios-xi/change-log/Release Notes, Vendor Advisory
Impacted products
Vendor Product Version
nagios fusion *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nagios:fusion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "733C0375-EFE2-43AF-9C99-4A50322D1B09",
              "versionEndIncluding": "4.1.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileges users are able to modify files that can be executed by sudo."
    },
    {
      "lang": "es",
      "value": "Los Permisos de Archivo Incorrectos en Nagios Fusion versiones 4.1.8 y anteriores, permiten una Escalada de Privilegios a root por medio de la modificaci\u00f3n de los scripts.\u0026#xa0;Los usuarios pocos privilegiados pueden modificar archivos que pueden ser ejecutados por sudo"
    }
  ],
  "id": "CVE-2020-28909",
  "lastModified": "2024-11-21T05:23:16.403",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-24T13:15:08.117",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-05-24 13:15
Modified
2024-11-21 05:23
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject arbitrary HTML, aka XSS.
References
cve@mitre.orghttp://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttps://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/Exploit, Third Party Advisory
cve@mitre.orghttps://www.nagios.com/downloads/nagios-xi/change-log/Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.nagios.com/downloads/nagios-xi/change-log/Release Notes, Vendor Advisory
Impacted products
Vendor Product Version
nagios fusion *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nagios:fusion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "733C0375-EFE2-43AF-9C99-4A50322D1B09",
              "versionEndIncluding": "4.1.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject arbitrary HTML, aka XSS."
    },
    {
      "lang": "es",
      "value": "Una Comprobaci\u00f3n Inapropiada de la Entrada en Nagios Fusion versiones 4.1.8 y  anteriores, permite a un atacante remoto con control sobre un servidor fusionado inyectar HTML arbitrario, tambi\u00e9n se conoce como XSS"
    }
  ],
  "id": "CVE-2020-28903",
  "lastModified": "2024-11-21T05:23:15.527",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-24T13:15:07.703",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-06-16 13:29
Modified
2024-11-21 03:45
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335.
References
cve@mitre.orghttps://www.nagios.com/downloads/nagios-fusion/change-log/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.nagios.com/downloads/nagios-fusion/change-log/Vendor Advisory
Impacted products
Vendor Product Version
nagios fusion *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nagios:fusion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0408621B-A9B5-4481-B254-7CD09285B65B",
              "versionEndExcluding": "4.1.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335."
    },
    {
      "lang": "es",
      "value": "Nagios Fusion en versiones anteriores a la 4.1.4 tiene Cross-Site Scripting (XSS). Esto tambi\u00e9n se conoce como TPS#13332-13335."
    }
  ],
  "id": "CVE-2018-12501",
  "lastModified": "2024-11-21T03:45:20.603",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-16T13:29:00.207",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-fusion/change-log/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-fusion/change-log/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-05-24 13:15
Modified
2024-11-21 05:23
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh.
References
cve@mitre.orghttp://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttps://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/Exploit, Third Party Advisory
cve@mitre.orghttps://www.nagios.com/downloads/nagios-xi/change-log/Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.nagios.com/downloads/nagios-xi/change-log/Release Notes, Vendor Advisory
Impacted products
Vendor Product Version
nagios fusion *
nagios nagios_xi *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nagios:fusion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "733C0375-EFE2-43AF-9C99-4A50322D1B09",
              "versionEndIncluding": "4.1.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D5C6C8F-F712-47A2-80E8-39F49D531C6F",
              "versionEndIncluding": "5.7.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh."
    },
    {
      "lang": "es",
      "value": "Una Comprobaci\u00f3n Insuficiente de la Autenticidad de los Datos en Nagios Fusion versiones 4.1.8 y anteriores y Nagios XI versiones 5.7.5 y anteriores, permite la ampliaci\u00f3n de privilegios o una ejecuci\u00f3n de c\u00f3digo como root por medio de vectores relacionados con un paquete de actualizaci\u00f3n que no es confiable para upgrade_to_latest.sh"
    }
  ],
  "id": "CVE-2020-28900",
  "lastModified": "2024-11-21T05:23:15.077",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-24T13:15:07.617",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-345"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-05-24 13:15
Modified
2024-11-21 05:23
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component containing PHP code.
References
cve@mitre.orghttp://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttps://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/Exploit, Third Party Advisory
cve@mitre.orghttps://www.nagios.com/downloads/nagios-xi/change-log/Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.nagios.com/downloads/nagios-xi/change-log/Release Notes, Vendor Advisory
Impacted products
Vendor Product Version
nagios fusion *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nagios:fusion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "733C0375-EFE2-43AF-9C99-4A50322D1B09",
              "versionEndIncluding": "4.1.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component containing PHP code."
    },
    {
      "lang": "es",
      "value": "Una Ejecuci\u00f3n con Privilegios Innecesarios en Nagios Fusion versiones 4.1.8 y  anteriores, permite una Escalada de Privilegios como nagios por medio de la instalaci\u00f3n de un componente malicioso que contiene c\u00f3digo PHP"
    }
  ],
  "id": "CVE-2020-28904",
  "lastModified": "2024-11-21T05:23:15.670",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-24T13:15:07.957",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2020-28902
Vulnerability from cvelistv5
Published
2021-05-24 12:43
Modified
2024-08-04 16:41
Severity ?
Summary
Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php.
References
https://www.nagios.com/downloads/nagios-xi/change-log/x_refsource_MISC
https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/x_refsource_MISC
http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:41:00.095Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-26T19:06:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-28902",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.nagios.com/downloads/nagios-xi/change-log/",
              "refsource": "MISC",
              "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
            },
            {
              "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/",
              "refsource": "MISC",
              "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
            },
            {
              "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-28902",
    "datePublished": "2021-05-24T12:43:33",
    "dateReserved": "2020-11-17T00:00:00",
    "dateUpdated": "2024-08-04T16:41:00.095Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-28904
Vulnerability from cvelistv5
Published
2021-05-24 12:43
Modified
2024-08-04 16:41
Severity ?
Summary
Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component containing PHP code.
References
https://www.nagios.com/downloads/nagios-xi/change-log/x_refsource_MISC
https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/x_refsource_MISC
http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:41:00.155Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component containing PHP code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-26T19:06:14",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-28904",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component containing PHP code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.nagios.com/downloads/nagios-xi/change-log/",
              "refsource": "MISC",
              "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
            },
            {
              "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/",
              "refsource": "MISC",
              "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
            },
            {
              "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-28904",
    "datePublished": "2021-05-24T12:43:44",
    "dateReserved": "2020-11-17T00:00:00",
    "dateUpdated": "2024-08-04T16:41:00.155Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-28907
Vulnerability from cvelistv5
Published
2021-05-24 12:43
Modified
2024-08-04 16:41
Severity ?
Summary
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh.
References
https://www.nagios.com/downloads/nagios-xi/change-log/x_refsource_MISC
https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/x_refsource_MISC
http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:41:00.096Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-26T19:06:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-28907",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.nagios.com/downloads/nagios-xi/change-log/",
              "refsource": "MISC",
              "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
            },
            {
              "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/",
              "refsource": "MISC",
              "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
            },
            {
              "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-28907",
    "datePublished": "2021-05-24T12:43:59",
    "dateReserved": "2020-11-17T00:00:00",
    "dateUpdated": "2024-08-04T16:41:00.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-28905
Vulnerability from cvelistv5
Published
2021-05-24 12:43
Modified
2024-08-04 16:40
Severity ?
Summary
Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination.
References
https://www.nagios.com/downloads/nagios-xi/change-log/x_refsource_MISC
https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/x_refsource_MISC
http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:40:59.988Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-26T19:06:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-28905",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.nagios.com/downloads/nagios-xi/change-log/",
              "refsource": "MISC",
              "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
            },
            {
              "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/",
              "refsource": "MISC",
              "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
            },
            {
              "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-28905",
    "datePublished": "2021-05-24T12:43:48",
    "dateReserved": "2020-11-17T00:00:00",
    "dateUpdated": "2024-08-04T16:40:59.988Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-28903
Vulnerability from cvelistv5
Published
2021-05-24 12:43
Modified
2024-08-04 16:40
Severity ?
Summary
Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject arbitrary HTML, aka XSS.
References
https://www.nagios.com/downloads/nagios-xi/change-log/x_refsource_MISC
https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/x_refsource_MISC
http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:40:59.980Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject arbitrary HTML, aka XSS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-26T19:06:19",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-28903",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject arbitrary HTML, aka XSS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.nagios.com/downloads/nagios-xi/change-log/",
              "refsource": "MISC",
              "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
            },
            {
              "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/",
              "refsource": "MISC",
              "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
            },
            {
              "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-28903",
    "datePublished": "2021-05-24T12:43:39",
    "dateReserved": "2020-11-17T00:00:00",
    "dateUpdated": "2024-08-04T16:40:59.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-28900
Vulnerability from cvelistv5
Published
2021-05-24 12:43
Modified
2024-08-04 16:40
Severity ?
Summary
Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh.
References
https://www.nagios.com/downloads/nagios-xi/change-log/x_refsource_MISC
https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/x_refsource_MISC
http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:40:59.950Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-26T19:06:18",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-28900",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.nagios.com/downloads/nagios-xi/change-log/",
              "refsource": "MISC",
              "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
            },
            {
              "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/",
              "refsource": "MISC",
              "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
            },
            {
              "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-28900",
    "datePublished": "2021-05-24T12:43:22",
    "dateReserved": "2020-11-17T00:00:00",
    "dateUpdated": "2024-08-04T16:40:59.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-12501
Vulnerability from cvelistv5
Published
2018-06-16 13:00
Modified
2024-09-17 02:32
Severity ?
Summary
Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335.
References
https://www.nagios.com/downloads/nagios-fusion/change-log/x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:38:06.158Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.nagios.com/downloads/nagios-fusion/change-log/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-16T13:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.nagios.com/downloads/nagios-fusion/change-log/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-12501",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.nagios.com/downloads/nagios-fusion/change-log/",
              "refsource": "CONFIRM",
              "url": "https://www.nagios.com/downloads/nagios-fusion/change-log/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-12501",
    "datePublished": "2018-06-16T13:00:00Z",
    "dateReserved": "2018-06-16T00:00:00Z",
    "dateUpdated": "2024-09-17T02:32:18.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-28911
Vulnerability from cvelistv5
Published
2021-05-24 12:44
Modified
2024-08-04 16:41
Severity ?
Summary
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php.
References
https://www.nagios.com/downloads/nagios-xi/change-log/x_refsource_MISC
https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/x_refsource_MISC
http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:41:00.286Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-26T19:06:14",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-28911",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.nagios.com/downloads/nagios-xi/change-log/",
              "refsource": "MISC",
              "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
            },
            {
              "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/",
              "refsource": "MISC",
              "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
            },
            {
              "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-28911",
    "datePublished": "2021-05-24T12:44:30",
    "dateReserved": "2020-11-17T00:00:00",
    "dateUpdated": "2024-08-04T16:41:00.286Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-28908
Vulnerability from cvelistv5
Published
2021-05-24 12:44
Modified
2024-08-04 16:40
Severity ?
Summary
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.
References
https://www.nagios.com/downloads/nagios-xi/change-log/x_refsource_MISC
https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/x_refsource_MISC
http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:40:59.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-26T19:06:17",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-28908",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.nagios.com/downloads/nagios-xi/change-log/",
              "refsource": "MISC",
              "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
            },
            {
              "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/",
              "refsource": "MISC",
              "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
            },
            {
              "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-28908",
    "datePublished": "2021-05-24T12:44:04",
    "dateReserved": "2020-11-17T00:00:00",
    "dateUpdated": "2024-08-04T16:40:59.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-28901
Vulnerability from cvelistv5
Published
2021-05-24 12:43
Modified
2024-08-04 16:40
Severity ?
Summary
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php.
References
https://www.nagios.com/downloads/nagios-xi/change-log/x_refsource_MISC
https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/x_refsource_MISC
http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:40:59.962Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-26T19:06:21",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-28901",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.nagios.com/downloads/nagios-xi/change-log/",
              "refsource": "MISC",
              "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
            },
            {
              "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/",
              "refsource": "MISC",
              "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
            },
            {
              "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-28901",
    "datePublished": "2021-05-24T12:43:27",
    "dateReserved": "2020-11-17T00:00:00",
    "dateUpdated": "2024-08-04T16:40:59.962Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-28909
Vulnerability from cvelistv5
Published
2021-05-24 12:44
Modified
2024-08-04 16:41
Severity ?
Summary
Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileges users are able to modify files that can be executed by sudo.
References
https://www.nagios.com/downloads/nagios-xi/change-log/x_refsource_MISC
https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/x_refsource_MISC
http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:41:00.131Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileges users are able to modify files that can be executed by sudo."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-26T19:06:19",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-28909",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileges users are able to modify files that can be executed by sudo."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.nagios.com/downloads/nagios-xi/change-log/",
              "refsource": "MISC",
              "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
            },
            {
              "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/",
              "refsource": "MISC",
              "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
            },
            {
              "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-28909",
    "datePublished": "2021-05-24T12:44:10",
    "dateReserved": "2020-11-17T00:00:00",
    "dateUpdated": "2024-08-04T16:41:00.131Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-28906
Vulnerability from cvelistv5
Published
2021-05-24 12:43
Modified
2024-08-04 16:40
Severity ?
Summary
Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scripts executed by root.
References
https://www.nagios.com/downloads/nagios-xi/change-log/x_refsource_MISC
https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/x_refsource_MISC
http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.htmlx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:40:59.974Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scripts executed by root."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-26T19:06:21",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-28906",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scripts executed by root."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.nagios.com/downloads/nagios-xi/change-log/",
              "refsource": "MISC",
              "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
            },
            {
              "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/",
              "refsource": "MISC",
              "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/"
            },
            {
              "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-28906",
    "datePublished": "2021-05-24T12:43:53",
    "dateReserved": "2020-11-17T00:00:00",
    "dateUpdated": "2024-08-04T16:40:59.974Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}