Vulnerabilities > CVE-2020-5796 - Improper Preservation of Permissions vulnerability in Nagios XI 5.7.4

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

nagios

CWE-281

NVD

Published: 2020-11-13

Updated: 2020-11-24

Summary

Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges.

Vulnerable Configurations

Part	Description	Count
Application	Nagios Nagios Nagios XI 5.7.4	1

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

References

https://www.tenable.com/security/research/tra-2020-61