PT-2020-13813 · Nagios+1 · Nagios+1

Published

2020-06-09

Updated

2024-06-15

CVE-2020-13977

CVSS v3.1

4.9

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Nagios version 4.4.5

Description The issue allows an attacker with administrative access to modify the Alert Histogram and Trends code by crafting specific versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files, after changing the "URL for JSON CGIs" configuration setting.

Recommendations For Nagios version 4.4.5, consider restricting access to the configuration setting for the "URL for JSON CGIs" and limit modifications to the archivejson.cgi, objectjson.cgi, and statusjson.cgi files to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-829

Related Identifiers

CVE-2020-13977

MGASA-2021-0209

OPENSUSE-SU-2021:0715-1

OPENSUSE-SU-2021:0735-1

OPENSUSE-SU-2021_0715-1

OPENSUSE-SU-2024:11073-1

Affected Products

Nagios

Suse

PT-2020-13813 · Nagios+1 · Nagios+1

CVE-2020-13977

Weakness Enumeration

Related Identifiers

Affected Products

References · 47