CVE-2020-5792
First published: Tue Oct 20 2020(Updated: )
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios | =5.7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-5792?
CVE-2020-5792 is considered a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2020-5792?
To fix CVE-2020-5792, upgrade Nagios XI to version 5.7.4 or later.
Who is affected by CVE-2020-5792?
CVE-2020-5792 affects Nagios XI version 5.7.3 deployed on any system accessible to authenticated admin users.
What attacks can be carried out using CVE-2020-5792?
CVE-2020-5792 allows an authenticated attacker to write to arbitrary files and execute code with the privileges of the apache user.
What is Nagios XI?
Nagios XI is an application used for IT infrastructure monitoring that can be affected by vulnerabilities such as CVE-2020-5792.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/tags
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/nagios
- canonical/nagios
- version/nagios/5.7.3