CVE-2018-16145

Name of the Vulnerable Software and Affected Versions Opsview Monitor versions prior to 5.3.1 Opsview Monitor versions 5.4.x prior to 5.4.2

Description The issue concerns the /etc/init.d/opsview-reporting-module script, which runs at boot time and invokes a file editable by the nagios user. This allows attackers to elevate their privileges to root after a system restart, giving them full control of the appliance.

Recommendations For Opsview Monitor versions prior to 5.3.1, update to version 5.3.1 or later. For Opsview Monitor versions 5.4.x prior to 5.4.2, update to version 5.4.2 or later.