CVE-2020-28906
First published: Mon May 24 2021(Updated: )
Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scripts executed by root.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios Fusion | <=4.1.8 | |
| Nagios Nagios XI | <=5.7.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-28906.
What is the severity of CVE-2020-28906?
CVE-2020-28906 has a severity rating of 8.8 (critical).
What is the affected software?
Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier are affected by this vulnerability.
What is the risk of this vulnerability?
This vulnerability allows for Privilege Escalation to root, potentially allowing low-privileged users to execute scripts with root privileges.
Are there any available fixes for CVE-2020-28906?
The vendor has not provided an official fix for this vulnerability at the moment. It is recommended to update to the latest version of Nagios XI and Nagios Fusion once a patch is released.
- collector/nvd-index
- agent/type
- agent/event
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/nagios
- canonical/nagios fusion
- version/nagios fusion/4.1.8
- canonical/nagios nagios xi
- version/nagios nagios xi/5.7.5