CVSS2: 6.8 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |

EPSS: 0.027 Low (Percentile: 90.4%)

Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios
3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send
commands to the Nagios process, and trigger execution of arbitrary programs
by this process, via unspecified HTTP requests.

Author | Note |
---|---|
mdeslaur | Nagios 1.x doesn’t have the CMD_CHANGE commands, so remote attackers wouldn’t be able to trigger arbitrary programs. |