NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all technical details are omitted, and the only option is to pay for a subscription service where technical details may be disclosed at an unspecified later time
References
Link | Resource |
---|---|
https://code610.blogspot.com/2020/03/postauth-rce-bugs-in-nagiosxi-5611.html | Exploit Third Party Advisory |
Configurations
History
07 Nov 2023, 03:19
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
Summary | NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all technical details are omitted, and the only option is to pay for a subscription service where technical details may be disclosed at an unspecified later time |
26 Mar 2021, 19:12
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 7.2 |
15 Mar 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
Summary | ** DISPUTED ** NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all technical details are omitted, and the only option is to pay for a subscription service where technical details may be disclosed at an unspecified later time. |
22 Feb 2021, 14:40
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 | |
References | (MISC) https://code610.blogspot.com/2020/03/postauth-rce-bugs-in-nagiosxi-5611.html - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:nagios:nagios_xi:5.6.11:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
15 Feb 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-15 18:15
Updated : 2024-04-11 01:07
NVD link : CVE-2020-22427
Mitre link : CVE-2020-22427
CVE.ORG link : CVE-2020-22427
JSON object : View
Products Affected
nagios
- nagios_xi
CWE