CVE-2020-22427
First published: Mon Feb 15 2021(Updated: )
** DISPUTED ** NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all technical details are omitted, and the only option is to pay for a subscription service where technical details may be disclosed at an unspecified later time.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios Nagios XI | =5.6.11 | |
| =5.6.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this NagiosXI vulnerability?
The vulnerability ID for this NagiosXI vulnerability is CVE-2020-22427.
What is the severity level of CVE-2020-22427?
CVE-2020-22427 has a severity level of high.
How does the CVE-2020-22427 vulnerability affect NagiosXI?
The CVE-2020-22427 vulnerability allows an authenticated nagiosadmin user to inject additional commands into a request in NagiosXI.
How can an attacker exploit CVE-2020-22427?
An attacker can exploit CVE-2020-22427 by injecting additional commands into a request as an authenticated nagiosadmin user.
Are there any known fixes for CVE-2020-22427?
Unfortunately, there are no known fixes for CVE-2020-22427 at the moment. It is recommended to follow the vendor's guidance and monitor for any updates or patches.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/status
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- status/disputed
- vendor/nagios
- canonical/nagios nagios xi
- version/nagios nagios xi/5.6.11