exploitDog

CVE-2019-20197

Опубликовано: 31 дек. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Средний

Описание

In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.

Ссылки

https://code610.blogspot.com/2019/12/postauth-rce-in-latest-nagiosxi.html
Exploit
Third Party Advisory
https://code610.blogspot.com/2019/12/postauth-rce-in-latest-nagiosxi.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nagios:nagios_xi:5.6.9:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.43613

Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-4ccv-pj8j-48ph

github

больше 3 лет назад

In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.

EPSS

Процентиль: 97%

0.43613

Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78