Vulnerability Details CVE-2020-28907
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html
- https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/
- https://www.nagios.com/downloads/nagios-xi/change-log/
- http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html
- https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/
- https://www.nagios.com/downloads/nagios-xi/change-log/
Products affected by CVE-2020-28907
-
cpe:2.3:a:nagios:fusion:4.0.0
-
cpe:2.3:a:nagios:fusion:4.0.1
-
cpe:2.3:a:nagios:fusion:4.1.0
-
cpe:2.3:a:nagios:fusion:4.1.1
-
cpe:2.3:a:nagios:fusion:4.1.2
-
cpe:2.3:a:nagios:fusion:4.1.3
-
cpe:2.3:a:nagios:fusion:4.1.4
-
cpe:2.3:a:nagios:fusion:4.1.5
-
cpe:2.3:a:nagios:fusion:4.1.6
-
cpe:2.3:a:nagios:fusion:4.1.7
-
cpe:2.3:a:nagios:fusion:4.1.8