CVE-2020-28907
First published: Mon May 24 2021(Updated: )
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios Fusion | <=4.1.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-28907?
CVE-2020-28907 is a vulnerability in Nagios Fusion 4.1.8 and earlier that allows for Escalation of Privileges or Code Execution as root.
What is the severity of CVE-2020-28907?
CVE-2020-28907 has a severity rating of critical (9.8).
How does CVE-2020-28907 occur?
CVE-2020-28907 occurs due to incorrect SSL certificate validation when downloading an untrusted update package in upgrade_to_latest.sh.
How can CVE-2020-28907 be exploited?
CVE-2020-28907 can be exploited by an attacker to escalate privileges or execute arbitrary code as root.
Is there a fix available for CVE-2020-28907?
Yes, users should update Nagios Fusion to a version that is not affected by CVE-2020-28907.
- collector/nvd-index
- agent/tags
- agent/event
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/nagios
- canonical/nagios fusion
- version/nagios fusion/4.1.8