Local Privilege Escalation in Nagios Core by Nagios Enterprises
CVE-2017-14312

7.8HIGH

Key Information:

Vendor

Nagios

Status
Nagios Core
Vendor
CVE Published:
11 September 2017

What is CVE-2017-14312?

Nagios Core, up to version 4.3.4, presents a local privilege escalation vulnerability due to its ability to execute core files as root while allowing configuration setups where these files can be owned by non-root users. This scenario enables local users with access to such non-root accounts to exploit this misconfiguration and escalate their privileges within the system, posing a significant security risk.

References

https://security.gentoo.org/glsa/201812-03
vendor-advisoryx_refsource_GENTOO
https://github.com/NagiosEnterprises/nagioscore/issues/424
x_refsource_MISC
http://www.securityfocus.com/bid/100881
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.