CVE-2023-28354

Name of the Vulnerable Software and Affected Versions Opsview Monitor Agent version 6.8

Description A problem was discovered in Opsview Monitor Agent where an unauthenticated remote attacker can call check nrpe against affected targets, specifying known NRPE plugins. In default installations, these plugins are configured to accept command control characters and pass them to command-line interpreters for NRPE plugin execution. This allows the attacker to escape NRPE plugin execution and execute commands remotely on the target as NT AUTHORITYSYSTEM.

Recommendations For Opsview Monitor Agent version 6.8, consider disabling the check nrpe function until a patch is available to prevent remote attackers from executing commands on the target system. Restrict access to known NRPE plugins to minimize the risk of exploitation. Avoid using command control characters in NRPE plugin configurations to prevent attackers from escaping plugin execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.