Lucene search

[email protected]CVE-2019-9166

HistoryMar 28, 2019 - 8:29 p.m.

CVE-2019-9166

2019-03-2820:29:01

CWE-732

[email protected]

web.nvd.nist.gov

cve-2019-9166

privilege escalation

nagios xi

nvd

security vulnerability

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.8%

JSON

Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.

Affected configurations

NVD

Node

nagiosnagios_xiRange<5.5.11

CPENameOperatorVersion
nagios:nagios_xinagios nagios xilt5.5.11

CPE	Name	Operator	Version
nagios:nagios_xi	nagios nagios xi	lt	5.5.11

References

packetstormsecurity.com/files/152496/Nagios-XI-5.5.10-XSS-Remote-Code-Execution.html

www.nagios.com/downloads/nagios-xi/change-log/

www.nagios.com/products/security/

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.8%

JSON

Related for CVE-2019-9166

prion1 nvd1 cvelist1 packetstorm1 zdt1 checkpoint_advisories1