Fusion@* Security Vulnerabilities and Issues — Fusion@* CVE List

Lucene search

NagiosFusion*

12 matches found

CVE•added 2021/05/24 1:15 p.m.•52 views

CVE-2020-28905

Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination.

8.8CVSS9.1AI score0.44173EPSS

CVE•added 2021/05/24 1:15 p.m.•50 views

CVE-2020-28900

Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh.

10CVSS9.4AI score0.00352EPSS

CVE•added 2021/05/24 1:15 p.m.•49 views

CVE-2020-28901

Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php.

10CVSS9.6AI score0.00988EPSS

CVE•added 2021/05/24 1:15 p.m.•48 views

CVE-2020-28904

Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component containing PHP code.

9.8CVSS9.5AI score0.0026EPSS

CVE•added 2021/05/24 1:15 p.m.•47 views

CVE-2020-28906

Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scripts executed by root.

9CVSS9AI score0.00279EPSS

CVE•added 2021/05/24 1:15 p.m.•45 views

CVE-2020-28911

Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php.

6.5CVSS7.9AI score0.07404EPSS

CVE•added 2021/05/24 1:15 p.m.•44 views

CVE-2020-28903

Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject arbitrary HTML, aka XSS.

6.1CVSS7.8AI score0.06319EPSS

CVE•added 2021/05/24 1:15 p.m.•44 views

CVE-2020-28907

Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh.

10CVSS9.4AI score0.00157EPSS

CVE•added 2018/06/16 1:29 p.m.•42 views

CVE-2018-12501

Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335.

6.1CVSS6.3AI score0.03262EPSS

CVE•added 2021/05/24 1:15 p.m.•41 views

CVE-2020-28902

Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php.

10CVSS9.6AI score0.02064EPSS

CVE•added 2021/05/24 1:15 p.m.•40 views

CVE-2020-28908

Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.

9.8CVSS9.7AI score0.05955EPSS

CVE•added 2021/05/24 1:15 p.m.•36 views

CVE-2020-28909

Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileges users are able to modify files that can be executed by sudo.

9CVSS9.2AI score0.00307EPSS