CVE-2020-36868

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.7.3

Description Nagios XI versions prior to 5.7.3 have a privilege escalation issue in the getprofile.sh helper script. The script handles profile retrieval and initialization with insecure file and command handling, and lacks sufficient validation of attacker-controlled inputs. In some deployments, the script runs with elevated privileges. A local attacker with low-level access could exploit these weaknesses to execute arbitrary commands or modify privileged files, leading to privilege escalation.

Recommendations Update to a version of Nagios XI at or above 5.7.3.