Multiple vulnerabilities in Nagios XI and Nagios Fusion
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 12 |
| CVE-ID | CVE-2020-28900 CVE-2020-28901 CVE-2020-28902 CVE-2020-28903 CVE-2020-28904 CVE-2020-28905 CVE-2020-28906 CVE-2020-28907 CVE-2020-28908 CVE-2020-28909 CVE-2020-28910 CVE-2020-28911 |
| CWE-ID | CWE-345 CWE-78 CWE-79 CWE-250 CWE-94 CWE-264 CWE-295 CWE-378 CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Nagios Fusion Server applications / SCADA systems Nagios XI Server applications / Other server solutions |
| Vendor | nagios.org |
Security Bulletin
This security bulletin contains information about 12 vulnerabilities.
1) Insufficient verification of data authenticity
EUVDB-ID: #VU53515
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28900
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to insufficient verification of data authenticity within the upgrade_to_latest.sh. A remote authenticated attacker can gain elevated privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNagios Fusion: 4.0.0 - 4.1.8
Nagios XI: 5.7.0 - 5.7.5
External linkshttp://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/
http://www.nagios.com/downloads/nagios-xi/change-log/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) OS Command Injection
EUVDB-ID: #VU53516
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28901
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the "component_dir" parameter in cmd_subsys.php. A remote authenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNagios Fusion: 4.0.0 - 4.1.8
External linkshttp://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/
http://www.nagios.com/downloads/nagios-xi/change-log/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) OS Command Injection
EUVDB-ID: #VU53517
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28902
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the "timezone" parameter in cmd_subsys.php. A remote authenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNagios Fusion: 4.0.0 - 4.1.8
External linkshttp://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/
http://www.nagios.com/downloads/nagios-xi/change-log/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Cross-site scripting
EUVDB-ID: #VU53518
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28903
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNagios Fusion: 4.0.0 - 4.1.8
External linkshttp://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/
http://www.nagios.com/downloads/nagios-xi/change-log/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Execution with unnecessary privileges
EUVDB-ID: #VU53519
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28904
CWE-ID:
CWE-250 - Execution with Unnecessary Privileges
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to execution with unnecessary privileges. A remote authenticated attacker can install a malicious component containing PHP code and gain elevated privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNagios Fusion: 4.0.0 - 4.1.8
External linkshttp://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/
http://www.nagios.com/downloads/nagios-xi/change-log/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Code Injection
EUVDB-ID: #VU53520
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28905
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the table pagination. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNagios Fusion: 4.0.0 - 4.1.8
External linkshttp://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/
http://www.nagios.com/downloads/nagios-xi/change-log/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU53521
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28906
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to incorrect file permissions in fusion-sys.cfg / xi-sys.cfg. A remote authenticated attacker can modify files that are included by scripts and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNagios XI: 5.7.0 - 5.7.5
Nagios Fusion: 4.0.0 - 4.1.8
External linkshttp://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/
http://www.nagios.com/downloads/nagios-xi/change-log/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper Certificate Validation
EUVDB-ID: #VU53522
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28907
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to incorrect SSL certificate validation in upgrade_to_latest.sh. A remote authenticated attacker can execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNagios Fusion: 4.0.0 - 4.1.8
External linkshttp://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/
http://www.nagios.com/downloads/nagios-xi/change-log/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) OS Command Injection
EUVDB-ID: #VU53525
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28908
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in cmd_subsys.php. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNagios Fusion: 4.0.0 - 4.1.8
External linkshttp://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/
http://www.nagios.com/downloads/nagios-xi/change-log/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU53526
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28909
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to incorrect file permissions. A remote authenticated attacker can modify files that can be executed by sudo and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNagios Fusion: 4.0.0 - 4.1.8
External linkshttp://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/
http://www.nagios.com/downloads/nagios-xi/change-log/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Creation of Temporary File With Insecure Permissions
EUVDB-ID: #VU53527
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28910
CWE-ID:
CWE-378 - Creation of Temporary File With Insecure Permissions
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to creation of a temporary directory with insecure permissions in getprofile.sh. A remote authenticated attacker can gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNagios XI: 5.7.0 - 5.7.5
External linkshttp://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/
http://www.nagios.com/downloads/nagios-xi/change-log/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper access control
EUVDB-ID: #VU53531
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28911
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the "test_server" command in ajaxhelper.php. A remote authenticated attacker can bypass implemented security restrictions and gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNagios Fusion: 4.0.0 - 4.1.8
External linkshttp://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/
http://www.nagios.com/downloads/nagios-xi/change-log/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
