CVE-2020-28900
First published: Mon May 24 2021(Updated: )
Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios Fusion | <=4.1.8 | |
| Nagios Nagios XI | <=5.7.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-28900?
CVE-2020-28900 is a vulnerability in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier that allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh.
What is the severity of CVE-2020-28900?
CVE-2020-28900 has a severity rating of 9.8 (critical).
How does CVE-2020-28900 impact Nagios Fusion and Nagios XI?
CVE-2020-28900 allows for Escalation of Privileges or Code Execution as root in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier.
How can I fix CVE-2020-28900?
To fix CVE-2020-28900, it is recommended to upgrade to the latest version of Nagios Fusion and Nagios XI.
Where can I find more information about CVE-2020-28900?
You can find more information about CVE-2020-28900 at the following references: [1] [2] [3].
- collector/nvd-index
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/severity
- agent/references
- agent/tags
- agent/type
- agent/author
- collector/mitre-cve
- source/MITRE
- vendor/nagios
- canonical/nagios fusion
- version/nagios fusion/4.1.8
- canonical/nagios nagios xi
- version/nagios nagios xi/5.7.5