CYBER SECURITY

Work from home can modify Endpoint Security…

[ad_1]

Corporate vulnerabilities
National Vulnerability Database from DHS/US-CERT

CVE-2020-28906
Published: 2021-05-24

Incorrect file permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allow privilege escalation to the root user. Low-privileged users can modify files contained in scripts executed by root (also known as source files).

CVE-2020-28907
Published: 2021-05-24

Incorrect SSL certificate verification in Nagios Fusion 4.1.8 and earlier versions allows to upgrade privileges or execute code as root via vectors related to downloading untrusted update packages in upgrade_to_latest.sh.

CVE-2020-28908
Published: 2021-05-24

Command injection in Nagios Fusion 4.1.8 and earlier versions allows escalation of privileges to nagios.

CVE-2020-28909
Published: 2021-05-24

Incorrect file permissions in Nagios Fusion 4.1.8 and earlier versions allow the privilege escalation to be rooted by modifying the script. Low-privileged users can modify files that can be executed by sudo.

CVE-2020-28910
Published: 2021-05-24

To create a temporary directory with insecure permissions in Nagios XI 5.7.5 and earlier versions, you can create a symbolic link for privilege escalation, and the symbolic link is not handled properly in getprofile.sh.

Related Articles

Back to top button