Vulnerability Details : CVE-2020-28907
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh.
Products affected by CVE-2020-28907
- cpe:2.3:a:nagios:fusion:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-28907
1.64%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-28907
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2020-28907
-
The product does not validate, or incorrectly validates, a certificate.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-28907
-
https://www.nagios.com/downloads/nagios-xi/change-log/
Nagios XI Change Log - NagiosRelease Notes;Vendor Advisory
-
http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html
Third Party Advisory;VDB Entry
-
https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/
Skylight Cyber | 13 Nagios Vulnerabilities, #7 will SHOCK you!Exploit;Third Party Advisory
Jump to