Main Vulnerability Database Exploits ID:4494 - Exploit for OS Command Injection in Nagios-NRPE - CVE-2013-1362

ID:4494 - Exploit for OS Command Injection in Nagios-NRPE - CVE-2013-1362

Published: August 14, 2020

Vulnerability identifier: #VU45691

Vulnerability risk: High

CVE-ID: CVE-2013-1362

CWE-ID: CWE-78

Exploitation vector: Remote access

Vulnerable software:
Nagios-NRPE

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/linux/misc/nagios_nrpe_arguments

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.

Remediation

Install updates from vendor's website.

ID:4494 - Exploit for OS Command Injection in Nagios-NRPE - CVE-2013-1362

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human