SB2021052531 - Multiple vulnerabilities in Nagios XI and Nagios Fusion

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021052531

SB2021052531 - Multiple vulnerabilities in Nagios XI and Nagios Fusion

Published: May 25, 2021

Security Bulletin ID SB2021052531
Severity
Medium
Patch available
YES
Number of vulnerabilities 12
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 92% Low 8%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 12 secuirty vulnerabilities.


1) Insufficient verification of data authenticity (CVE-ID: CVE-2020-28900)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to insufficient verification of data authenticity within the upgrade_to_latest.sh. A remote authenticated attacker can gain elevated privileges on the system.


2) OS Command Injection (CVE-ID: CVE-2020-28901)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the "component_dir" parameter in cmd_subsys.php. A remote authenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) OS Command Injection (CVE-ID: CVE-2020-28902)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the "timezone" parameter in cmd_subsys.php. A remote authenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


4) Cross-site scripting (CVE-ID: CVE-2020-28903)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


5) Execution with unnecessary privileges (CVE-ID: CVE-2020-28904)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to execution with unnecessary privileges. A remote authenticated attacker can install a malicious component containing PHP code and gain elevated privileges on the system.


6) Code Injection (CVE-ID: CVE-2020-28905)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in the table pagination. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-28906)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to incorrect file permissions in fusion-sys.cfg / xi-sys.cfg. A remote authenticated attacker can modify files that are included by scripts and gain elevated privileges on the target system.


8) Improper Certificate Validation (CVE-ID: CVE-2020-28907)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to incorrect SSL certificate validation in upgrade_to_latest.sh. A remote authenticated attacker can execute arbitrary code on the target system with elevated privileges.


9) OS Command Injection (CVE-ID: CVE-2020-28908)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in cmd_subsys.php. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


10) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-28909)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to incorrect file permissions. A remote authenticated attacker can modify files that can be executed by sudo and gain elevated privileges on the target system.


11) Creation of Temporary File With Insecure Permissions (CVE-ID: CVE-2020-28910)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to creation of a temporary directory with insecure permissions in getprofile.sh. A remote authenticated attacker can gain elevated privileges on the target system.


12) Improper access control (CVE-ID: CVE-2020-28911)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the "test_server" command in ajaxhelper.php. A remote authenticated attacker can bypass implemented security restrictions and gain unauthorized access to sensitive information on the system.


Remediation

Install update from vendor's website.

References