CVE-2018-25122
Nagios XI < 5.4.13 Component Download Page RCE
Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encoding, allowing an authenticated user to inject commands or otherwise execute arbitrary code with the privileges of the application service.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
Nagios · XI¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →