CVE-2020-22427

Name of the Vulnerable Software and Affected Versions NagiosXI version 5.6.11

Description The issue allows an authenticated nagiosadmin user to inject additional commands into a request, potentially leading to remote code execution. The vendor disputes the actionability of the vulnerability due to omitted technical details, which may be disclosed at a later time through a subscription service.

Recommendations For NagiosXI version 5.6.11, consider restricting access to authenticated users and limiting the ability to inject commands into requests as a temporary mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.