CVE-2011-10035

Опубликовано: 30 окт. 2025

Источник: nvd

CVSS3: 7

EPSS Низкий

Описание

Nagios XI versions prior to 2011R1.9 contain privilege escalation vulnerabilities in the scripts that install or update system crontab entries. Due to time-of-check/time-of-use race conditions and missing synchronization or final-path validation, a local low-privileged user could manipulate filesystem state during crontab installation to influence the files or commands executed with elevated privileges, resulting in execution with higher privileges.

Ссылки

https://www.nagios.com/changelog/nagios-xi/
Release Notes
https://www.vulncheck.com/advisories/nagios-xi-race-conditions-in-crontab-install-script-lpe
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*

Версия до 2009 (включая)

cpe:2.3:a:nagios:nagios_xi:2011:r1:*:*:*:*:*:*

cpe:2.3:a:nagios:nagios_xi:2011:r1.1:*:*:*:*:*:*

cpe:2.3:a:nagios:nagios_xi:2011:r1.2:*:*:*:*:*:*

cpe:2.3:a:nagios:nagios_xi:2011:r1.3:*:*:*:*:*:*

cpe:2.3:a:nagios:nagios_xi:2011:r1.4:*:*:*:*:*:*

cpe:2.3:a:nagios:nagios_xi:2011:r1.5:*:*:*:*:*:*

cpe:2.3:a:nagios:nagios_xi:2011:r1.6:*:*:*:*:*:*

cpe:2.3:a:nagios:nagios_xi:2011:r1.7:*:*:*:*:*:*

cpe:2.3:a:nagios:nagios_xi:2011:r1.8:*:*:*:*:*:*

EPSS

Процентиль: 3%

0.00016

Низкий

7 High

CVSS3

Дефекты

CWE-367

Связанные уязвимости

GHSA-rmp9-wcq5-wff8