SB2021052531 - Multiple vulnerabilities in Nagios XI and Nagios Fusion

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021052531

SB2021052531 - Multiple vulnerabilities in Nagios XI and Nagios Fusion

Published: May 25, 2021

Security Bulletin ID SB2021052531
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 12
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 92% Low 8%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 12 vulnerabilities.


1) Insufficient verification of data authenticity (CVE-ID: CVE-2020-28900)

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to insufficient verification of data authenticity within the upgrade_to_latest.sh. A remote authenticated attacker can gain elevated privileges on the system.


2) OS Command Injection (CVE-ID: CVE-2020-28901)

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the "component_dir" parameter in cmd_subsys.php. A remote authenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) OS Command Injection (CVE-ID: CVE-2020-28902)

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the "timezone" parameter in cmd_subsys.php. A remote authenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


4) Cross-site scripting (CVE-ID: CVE-2020-28903)

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear


The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


5) Execution with unnecessary privileges (CVE-ID: CVE-2020-28904)

CWE-ID: CWE-250 - Execution with Unnecessary Privileges

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to execution with unnecessary privileges. A remote authenticated attacker can install a malicious component containing PHP code and gain elevated privileges on the system.


6) Code Injection (CVE-ID: CVE-2020-28905)

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in the table pagination. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-28906)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to incorrect file permissions in fusion-sys.cfg / xi-sys.cfg. A remote authenticated attacker can modify files that are included by scripts and gain elevated privileges on the target system.


8) Improper Certificate Validation (CVE-ID: CVE-2020-28907)

CWE-ID: CWE-295 - Improper Certificate Validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to incorrect SSL certificate validation in upgrade_to_latest.sh. A remote authenticated attacker can execute arbitrary code on the target system with elevated privileges.


9) OS Command Injection (CVE-ID: CVE-2020-28908)

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in cmd_subsys.php. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


10) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-28909)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to incorrect file permissions. A remote authenticated attacker can modify files that can be executed by sudo and gain elevated privileges on the target system.


11) Creation of Temporary File With Insecure Permissions (CVE-ID: CVE-2020-28910)

CWE-ID: CWE-378 - Creation of Temporary File With Insecure Permissions

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to creation of a temporary directory with insecure permissions in getprofile.sh. A remote authenticated attacker can gain elevated privileges on the target system.


12) Improper access control (CVE-ID: CVE-2020-28911)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the "test_server" command in ajaxhelper.php. A remote authenticated attacker can bypass implemented security restrictions and gain unauthorized access to sensitive information on the system.


Remediation

Install update from vendor's website.

References