Command Injection Vulnerability in Nagios NRPE by Nagios Enterprises
CVE-2020-6581

7.3 HIGH

Key Information:

Vendor: Nagios
CVE Published: 16 March 2020

What is CVE-2020-6581?

Nagios NRPE version 3.2.1 is susceptible to command injection due to inadequate filtering mechanisms. Specifically, the handling of special characters such as newline characters can lead to unintended command execution. This flaw occurs when the application misinterprets input, allowing an attacker to potentially execute malicious commands on the server through crafted input. Proper sanitization and validation of user input are crucial to mitigate this type of vulnerability.

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
