Nagios: Security Vulnerabilities
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php.
CVSS Score: 9.8
EPSS Score: 0.055
Published: 2021-05-24

Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php.
CVSS Score: 9.8
EPSS Score: 0.104
Published: 2021-05-24

Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject arbitrary HTML, aka XSS.
CVSS Score: 6.1
EPSS Score: 0.263
Published: 2021-05-24

Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component containing PHP code.
CVSS Score: 9.8
EPSS Score: 0.009
Published: 2021-05-24

Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination.
CVSS Score: 8.8
EPSS Score: 0.592
Published: 2021-05-24

Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page.
CVSS Score: 6.1
EPSS Score: 0.524
Published: 2021-04-08

SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/.
CVSS Score: 9.8
EPSS Score: 0.477
Published: 2021-04-08

Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system.
CVSS Score: 7.2
EPSS Score: 0.255
Published: 2021-02-25

NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all technical details are omitted, and the only option is to pay for a subscription service where technical details may be disclosed at an unspecified later time.
CVSS Score: 7.2
EPSS Score: 0.102
Published: 2021-02-15

Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into a normal webapp query.
CVSS Score: 8.8
EPSS Score: 0.045
Published: 2021-02-15


Shodan ® - All rights reserved