Improper Neutralization of Special Elements in Output Used by a Downstream Component in www.nagios nrpe

Published: 2020-03-16 | Updated: 2020-12-11

Risk	High
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2020-6581
CWE-ID	CWE-74
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	nrpe Other software / Other software solutions
Vendor	www.nagios.org

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Improper Neutralization of Special Elements in Output Used by a Downstream Component

EUVDB-ID: #VU48930

Risk: High

CVSSv4.0: 5.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-6581

CWE-ID: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to execute arbitrary code.

Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets as the character and the character n (not as the newline sequence). This can cause command injection.

Mitigation

Install update from vendor's website.

Vulnerable software versions

nrpe: 3.2.1

CPE2.3

cpe:2.3:a:www.nagios.org:nrpe:3.2.1:*:*:*:*:*:*:*

External links

https://herolab.usd.de/security-advisories/
https://herolab.usd.de/security-advisories/usd-2020-0002/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DNGKXVDB43E3KQRA6W5QZT3Z46XZLQM/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.