Lucene search

[email protected]CVE-2020-28648

HistoryNov 16, 2020 - 3:15 a.m.

CVE-2020-28648

2020-11-1603:15:00

CWE-20

[email protected]

web.nvd.nist.gov

nagios xi

input validation

cve-2020-28648

security vulnerability

remote code execution

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.124 Low

EPSS

Percentile

95.4%

JSON

Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.

CPENameOperatorVersion
nagios:nagios_xinagios nagios xilt5.7.5

CPE	Name	Operator	Version
nagios:nagios_xi	nagios nagios xi	lt	5.7.5

References

packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html

skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/

www.nagios.com/downloads/nagios-xi/change-log/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.124 Low

EPSS

Percentile

95.4%

JSON

Related for CVE-2020-28648

checkpoint_advisories1 prion1 cvelist1 nessus1 thn1