Main Vulnerability Database Exploits ID:3712 - Exploit for Link following in Nagios - CVE-2014-4703

ID:3712 - Exploit for Link following in Nagios - CVE-2014-4703

Published: August 4, 2020

Vulnerability identifier: #VU33657

Vulnerability risk: Low

CVE-ID: CVE-2014-4703

CWE-ID: CWE-59

Exploitation vector: Local access

Vulnerable software:
Nagios

Link to public exploit:

https://www.exploit-db.com/exploits/33904/

Vulnerability description

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.

Remediation

Install update from vendor's website.

ID:3712 - Exploit for Link following in Nagios - CVE-2014-4703

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human