PT-2023-5555 · Unknown+3 · Nagios Plugins+3

Megamansec · Published 2023-08-23 · Updated 2024-10-15 · CVE-2023-37154

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Nagios nagios-plugins version 2.4.5

Description

The issue is arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with ${IFS} in the check_by_ssh component of Nagios nagios-plugins. It allows a remote attacker to execute arbitrary commands. The vulnerability stems from the lack of measures to neutralize special elements used in operating system commands.

Recommendations

For Nagios nagios-plugins version 2.4.5, update to the latest version to mitigate the risk of arbitrary command execution. As a temporary workaround, consider disabling the check_by_ssh function until a patch is available. Restrict access to the ProxyCommand, LocalCommand, and PermitLocalCommand configurations to minimize the risk of exploitation. Avoid using the ${IFS} variable in the affected SSH configurations until the issue is resolved.
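
One way to review existing configuration against the recommendations above, as an added example that is not part of the advisory or the Nagios project: it scans Nagios command definitions for check_by_ssh invocations that pass ProxyCommand, LocalCommand or PermitLocalCommand through `-o` / `--ssh-option`, or that contain `${IFS}`. The sample configuration and the function names `ssh_options`, `check` and `audit` are constructed for illustration.

```python
import re
import shlex

RISKY = ("proxycommand", "localcommand", "permitlocalcommand")

# Constructed sample of Nagios object configuration (not taken from the advisory).
SAMPLE_CFG = r"""
define command {
    command_name  check_ssh_disk
    command_line  $USER1$/check_by_ssh -H $HOSTADDRESS$ -C "check_disk -w 20%"
}
define command {
    command_line  $USER1$/check_by_ssh -H $HOSTADDRESS$ -o ProxyCommand=$ARG1$ -C uptime
    command_name  check_ssh_jump
}
define command {
    command_name  check_ssh_local
    command_line  $USER1$/check_by_ssh -oPermitLocalCommand=yes --ssh-option="localcommand $ARG2$" -C uptime
}
define command {
    command_name  check_ssh_ifs
    command_line  $USER1$/check_by_ssh -H $HOSTADDRESS$ -C "echo${IFS}ok"
}
"""

def ssh_options(argv):
    """Yield each value given as -o VAL, -oVAL, --ssh-option VAL or --ssh-option=VAL."""
    args = iter(argv)
    for arg in args:
        if arg in ("-o", "--ssh-option"):
            yield next(args, "")
        elif arg.startswith("--ssh-option="):
            yield arg.split("=", 1)[1]
        elif arg.startswith("-o") and len(arg) > 2:
            yield arg[2:]

def check(raw):
    """Return findings for one command_line string."""
    try:
        argv = shlex.split(raw)
    except ValueError:              # unbalanced quotes: fall back to a plain split
        argv = raw.split()
    # ssh option names are case-insensitive and may use "Name=value" or "Name value"
    keys = [re.split(r"[=\s]", o.strip(), maxsplit=1)[0].lower() for o in ssh_options(argv)]
    hits = ["ssh option " + k for k in keys if k in RISKY]
    if "${IFS}" in raw:
        hits.append("${IFS} in command line")
    return hits

def audit(cfg_text):
    """Return {command_name: findings} for check_by_ssh command definitions."""
    findings, block = {}, {}
    for line in map(str.strip, cfg_text.splitlines()):
        if line.startswith("}"):    # end of a define block: evaluate it
            raw = block.get("command_line", "")
            hits = check(raw) if "check_by_ssh" in raw else []
            if hits:
                findings[block.get("command_name", "<unnamed>")] = hits
            block = {}
        else:
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[0] in ("command_name", "command_line"):
                block[parts[0]] = parts[1]
    return findings
```

Calling `audit()` on the text of a Nagios object configuration file returns only the command definitions that need review; definitions without these options or `${IFS}` are omitted.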

Fix

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-06206
CVE-2023-37154
GHSA-P3GV-VMPX-HHW4

Affected Products

Debian
Nagios
Red Os
Nagios Plugins