#VU14605 Command injection in Opsview Monitor - CVE-2018-16146

 


Published: September 5, 2018


Vulnerability identifier: #VU14605
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2018-16146
CWE-ID: CWE-77
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
Opsview Monitor
Software vendor:
Opsview

Description

The disclosed vulnerability allows a local administrative attacker to execute arbitrary commands on the target system.

The vulnerability exists because the 'value' parameter is not properly sanitized. A local attacker can access Opsview Web Management console functionality, test notifications that are triggered under certain configurable events, and execute arbitrary commands with the privileges of the 'nagios' user.


Remediation

The vulnerability has been fixed in versions 5.3.1, 5.4.2 and 6.0.
