Vulnerabilities > CVE-2020-22427 - Unspecified vulnerability in Nagios XI 5.6.11

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

nagios

NVD

Published: 2021-02-15

Updated: 2024-04-11

Summary

NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all technical details are omitted, and the only option is to pay for a subscription service where technical details may be disclosed at an unspecified later time

Vulnerable Configurations

Part	Description	Count
Application	Nagios Nagios Nagios XI 5.6.11	1

References

https://code610.blogspot.com/2020/03/postauth-rce-bugs-in-nagiosxi-5611.html